1177 matches found
EUVD-2023-44381
Malicious code in bioql PyPI...
EUVD-2023-32301
Malicious code in bioql PyPI...
EUVD-2021-28043
Malicious code in bioql PyPI...
EUVD-2023-2935
Malicious code in bioql PyPI...
EUVD-2023-1887
Malicious code in bioql PyPI...
EUVD-2024-22955
Malicious code in bioql PyPI...
EUVD-2023-57862
Malicious code in bioql PyPI...
CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization
Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
PT-2025-35926
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
The vulnerability of the system() function in the bin/goahead software for D-Link DIR-816 A2 wireless routers allows a hacker to execute arbitrary code.
The vulnerability of the system function in the bin/goahead microprogramming software for D-Link DIR-816 A2 wireless routers is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the wsConvertPpt component in the Chamilo LMS e-learning and content management system allows a hacker to execute arbitrary commands.
The vulnerability of the wsConvertPpt component in the Chamilo LMS e-learning and content management system is related to the lack of measures taken to clean data at the administrative level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the PAN-OS operating system, related to the lack of measures for cleaning incoming data, allows attackers to compromise the integrity of protected information.
The vulnerability of the PAN-OS operating system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the protected information...
PT-2025-30330 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60 Description: A stored cross-site scripting XSS vulnerability exists in Live Helper Chat version 4.60. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Telegra...
PT-2025-30100 · Unknown · Food Ordering Review System
Name of the Vulnerable Software and Affected Versions: code-projects Food Ordering Review System version 1.0 Description: A critical vulnerability exists in the Food Ordering Review System. The vulnerability affects unknown code within the /pages/signup function.php file. Manipulation of the fnam...
PT-2025-30070 · Unknown · Agorum Core Open
Name of the Vulnerable Software and Affected Versions: agorum core open versions 11.9.2 and 11.10.1 Description: The software contains an XML External Entity XXE issue via the RSSReader endpoint. Attackers can potentially access sensitive data by providing a crafted XML input. Recommendations: Fo...
The vulnerability of the formBSSetSitesurvey() function (/goform/formBSSetSitesurvey) in the Wi-Fi range expansion software by Belkin F9K1122 allows a intruder to execute arbitrary commands.
The vulnerability of the formBSSetSitesurvey function /goform/formBSSetSitesurvey of the Belkin F9K1122 Wi-Fi range extender software is related to the lack of measures taken at the control level for data cleaning. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...
Model Inversion Attacks on Llama 3: Extracting PII from Large Language Models
Large language models LLMs have transformed natural language processing, but their ability to memorize training data poses significant privacy risks. This paper investigates model inversion attacks on the Llama 3.2 model, a multilingual LLM developed by Meta. By querying the model with carefully...
The vulnerability of the Command Execution function in the file manager for managing files and directories in the File Browser allows a hacker to gain access to read and modify files.
The vulnerability of the Command Execution function in the file manager and File Browser web manager is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read and modify files...
Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084
Project Paragraphs table provides a field for a collection table. The module doesn't sufficiently sanitise certain data attributes allowing Cross Site Scripting XSS attacks. This vulnerability is mitigated by the fact that an attacker must have a role with permission to enter HTML tags containing...
The vulnerability of the `easy_uci_set_option_string_0()` function in the `/cgi-bin/lighttpd.cgi` file of the LB-LINK BL-AC3600 router’s microprogramming system allows a hacker to execute arbitrary code.
The vulnerability of the easyucisetoptionstring0 function in the /cgi-bin/lighttpd.cgi file of the LB-LINK BL-AC3600 router microprogramming system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability could allow an attacker operating...