40 matches found
Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite
A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
IBM Maximo Asset Management is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...
EUVD-2011-3739
Malware in sbrugna...
EUVD-2006-5477
Malware in sbrugna...
EUVD-2019-17673
Malware in sbrugna...
EUVD-2017-3069
Malware in sbrugna...
EUVD-2003-1035
Malware in sbrugna...
EUVD-2015-6412
Malware in sbrugna...
EUVD-2023-28996
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-23913
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the...
CVE-2025-8741
CVE-2025-8741 concerns macrozheng mall up to version 1.0.3. The vulnerability affects an unknown functionality of the /admin/login URL and leads to cleartext transmission of sensitive information. It can be exploited remotely with high attack complexity and without user interaction. Exploit detai...
CVE-2025-50472
The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadmodelmeta function of the ModelFileSystemCache class. Attackers can execute arbitrary code and commands by crafting a malicious serialized .mdl payload,...
CVE-2020-0195
In ihevcdiquantitransreconctb of ihevcdiquantitransreconctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...
CVE-2019-9406
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112552517...
CVE-2019-9359
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111407302...
Deserialization Of Untrusted Data
apache.nms.activemq is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to unbounded deserialization of data from untrusted servers, allowing them to send malicious payloads that may result in Remote Code Execution (RCE)...
CVE-2025-27244
AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker...
DEBIAN-CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
UBUNTU-CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
CVE-2024-50402
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...