EUVD-2025-25690

Malicious code in bioql PyPI...

CVE-2025-9118

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118 Dataform Path Traversal

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118 Dataform Path Traversal

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118

CVE-2025-9118 is a path traversal vulnerability in the NPM package installation process of Google Cloud Dataform. The flaw allows a remote attacker to read and write files in other customers’ repositories via a maliciously crafted package.json. The CVE is rated CRITICAL (CVSS 4.0 base score 10.0)...

Google Cloud Dataform 安全漏洞

Google Cloud Dataform is a platform for automated workflow processing from Google, Inc. in the United States. A security vulnerability exists in Google Cloud Dataform that stems from path traversal during NPM package installation, which could result in reading and writing to other customer...

PT-2025-34599 · Google · Google Cloud Dataform

Name of the Vulnerable Software and Affected Versions: Google Cloud Dataform affected versions not specified Description: A path traversal vulnerability exists in the NPM package installation process of Google Cloud Dataform. A remote attacker can read and write files in other customers'...

Design/Logic Flaw

The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact...

CVE-2007-2746

The CVE-2007-2746 entry concerns Plain Black WebGUI: the viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm for versions before 7.3.14 improperly uses data structures containing privilege information, enabling remote authenticated users to obtain sensitive data or potentially cause other u...

Cross site scripting

Cross-site scripting XSS vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 gamma allows remote attackers to inject arbitrary Javascript via the 1 url and 2 name field of the default email form...

CVE-2006-0165

Cross-site scripting XSS vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 gamma allows remote attackers to inject arbitrary Javascript via the 1 url and 2 name field of the default email form...

CVE-2006-0165

CVE-2006-0165 affects Plain Black WebGUI (DataForm Entries) prior to version 6.8.4 (gamma). The vulnerability arises in the default email form’s url and name fields, enabling remote attackers to inject arbitrary Javascript (XSS). The provided sources confirm the affected product and vulnerable co...