157 matches found
WSO2 - Cross-Site Scripting
WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0,...
Security Vulnerability in Multiple WSO2 Products
WSO2 API Manager is an API lifecycle management solution, WSO2 API Manager Analytics is an analytics component, and WSO2 API Control Plane is a control panel. A security vulnerability exists in a number of WSO2 products. The vulnerability stems from insufficient enforcement of permissions in the...
EUVD-2020-17418
Malware in sbrugna...
EUVD-2017-6151
Malware in sbrugna...
EUVD-2024-0054
Malicious code in bioql PyPI...
EUVD-2024-52859
Malicious code in bioql PyPI...
EUVD-2023-27719
Malicious code in bioql PyPI...
EUVD-2023-27718
Malicious code in bioql PyPI...
EUVD-2024-54233
Malicious code in bioql PyPI...
Human-Centred AI in FinTech: Developing a User Experience (UX) Research Point of View (PoV) Playbook
Advancements in Artificial Intelligence (AI) have significantly transformed the financial industry, enabling the development of more personalized and adaptable financial products and services. This research paper explores various instances where Human-Centred AI (HCAI) has facilitated these...
CVE-2024-52290
LF Edge eKuiper is a lightweight Internet of Things (IoT) data analytics and stream processing engine. Prior to version 2.1.0, a user with rights to modify the service (e.g. the kuiperUser role) can inject a cross-site scripting payload into the Connection Configuration key Name (confKey) parameter. After thi...
CVE-2024-52290 Stored XSS in Configuration Key Functionality
LF Edge eKuiper is a lightweight Internet of Things (IoT) data analytics and stream processing engine. Prior to version 2.1.0, a user with rights to modify the service (e.g. the kuiperUser role) can inject a cross-site scripting payload into the Connection Configuration key Name (confKey) parameter. After thi...
CVE-2025-24908
Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory (CWE-35). Description: Hitachi...
CVE-2024-52812
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service (e.g. the kuiperUser role) can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service e.g...
CVE-2024-52812
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service (e.g. the kuiperUser role) can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service e.g...
CVE-2025-27141
Metabase Enterprise Edition is affected by CVE-2025-27141: impersonation-enabled users can view cached question results that may contain data they should not access. Affected versions include 1.47.0 up to 1.50.35, 1.51.0 up to 1.51.13, 1.52.0 up to 1.52.10, and 1.53.x prior to the patched builds....
Arbitrary File Download Vulnerability in AnalyticsCloud of Beijing Zhiyuan Internet Software Co.
AnalyticsCloud is a platform that integrates advanced data analytics technologies and tools to process data from a variety of data sources, including cloud data, local data, traditional data, and big data. An arbitrary file download vulnerability exists in AnalyticsCloud of Beijing...
MAL-2024-12318 Malicious code in omigo-data-analytics (PyPI)
Source: kam193 (ae4cfba5955464b4ebdf67da4386ccc25b7431d6dfc11e70146b23c0a8185860) The package looks like a beginning for a further work. In fact, the uploader has shortly published a few similar packages appearing to be e.g. an integration f...
Malicious code in omigo-data-analytics (PyPI)
Source: kam193 (ae4cfba5955464b4ebdf67da4386ccc25b7431d6dfc11e70146b23c0a8185860) The package looks like a beginning for a further work. In fact, the uploader has shortly published a few similar packages appearing to be e.g. an integration f...
CVE-2024-47168
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access th...