EUVD-2020-5696
Malware in sbrugna...
EUVD-2025-12614
Malicious code in bioql PyPI...
EUVD-2025-10552
Malicious code in bioql PyPI...
EUVD-2024-52655
Malicious code in bioql PyPI...
EUVD-2021-30484
Malicious code in bioql PyPI...
EUVD-2022-44727
Malicious code in bioql PyPI...
EUVD-2022-39285
Malicious code in bioql PyPI...
EUVD-2024-36072
Malicious code in bioql PyPI...
EUVD-2024-34613
Malicious code in bioql PyPI...
EUVD-2023-3033
Malicious code in bioql PyPI...
EUVD-2024-0890
Malicious code in bioql PyPI...
CVE-2025-52456
A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based...
CVE-2025-53510
A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffe...
CVE-2025-54802
pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted...
AlmaLinux 9 : git (ALSA-2025:11462)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11462 advisory. git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349) git: Newline confusion in credential helpers can lead to...
CVE-2025-51459
File Upload vulnerability in agent.hub.controller.refreshplugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with pluginhub.sanitizefilename and pluginsutil.scanplugi...
CVE-2025-51650
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...
CVE-2025-34060 Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery
A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents without validation. MIME type checks using...
CVE-2025-34060
CVE-2025-34060 describes a PHP object injection in Monero Project’s Laravel-based forum software via the /get/image/ endpoint. The app passes a user-supplied link parameter directly to file_get_contents() without validation; MIME-type checks via finfo can be bypassed with crafted stream...
CVE-2025-45890
Summary: CVE-2025-45890 affects novel plus prior to 5.1.0, enabling a remote attacker to trigger directory traversal and arbitrary code execution via the filePath parameter. The vulnerability is supported by multiple feeds (NVD/Red Hat/CIRCL) with the same vulnerable vector and indicates a high-s...