EUVD-2024-41727

Malicious code in bioql PyPI...

EUVD-2025-16063

Malicious code in bioql PyPI...

EUVD-2024-15874

Malicious code in bioql PyPI...

EUVD-2024-31707

Malicious code in bioql PyPI...

EUVD-2021-8419

Malicious code in bioql PyPI...

EUVD-2023-33084

Malicious code in bioql PyPI...

EUVD-2022-15655

Malicious code in bioql PyPI...

EUVD-2021-9814

Malicious code in bioql PyPI...

EUVD-2025-20733

Malicious code in bioql PyPI...

EUVD-2024-42447

Malicious code in bioql PyPI...

EUVD-2021-34075

Malicious code in bioql PyPI...

CVE-2025-9561 AP Background 3.8.1 - 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...

RISC Zero Ethereum 代码注入漏洞

RISC Zero Ethereum is a computing platform open-sourced by RISC Zero. A code injection vulnerability exists in RISC Zero Ethereum that originates from a host that can write to an arbitrary memory location of a visitor using a specially crafted response, which could lead to the execution of...

Linux Distros Unpatched Vulnerability : CVE-2025-59825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the OBSmilesParser::ParseSmiles function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input to the affected process. Remediation There is no fixed...

UBUNTU-CVE-2025-57632

libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs NextCommand, libsmb2 repeatedly calls smb2addiovector to append to a fixed-size iovec array without checking the upper bound of v-niov SMB2MAXVECTORS=256. An attacker can craft responses with many chained PDUs to...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

CVE-2025-59825

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...

CVE-2025-59825

CVE-2025-59825 affects astral-tokio-tar (Rust) up to v0.5.3: tar extraction can escape the target dir via Entry::unpack_in_raw and via a symlink pair that bypasses allow_external_symlinks, potentially enabling arbitrary file writes and code execution. The issue is fixed in v0.5.4; upgrading is re...

GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...