4 matches found
EUVD-2025-26496
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-5421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks...
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect...
CVE-2021-37840
aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim, e.g., exploitatio...