Malicious code in ml2000 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6 On invoking the ml2000 CLI with no arguments, interactivemenu in src/mllabs/generator.py writes a batch file and launches it via...

EUVD-2026-19400

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...

CVE-2026-5671 Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...

CVE-2026-5671 Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...

CVE-2026-5671

CVE-2026-5671 affects Cyber-III Student-Management-System (up to 1a938fa61e9f735078e9b291d2e6215b4942af3f). The vulnerability is in the Class Schedule Deletion Endpoint, specifically the file /admin/class%20schedule/delete_batch.php, where manipulating the argument batch enables cross-site script...

EUVD-2025-24138

Malicious code in bioql PyPI...

CVE-2025-10977 JeecgBoot deleteBatch improper authorization

A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The...

CVE-2025-8840 jshERP Endpoint deleteBatch improper authorization

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...

GHSA-P6X3-V6G3-7557 Aim Relative Path Traversal vulnerability

A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...

Relative Path Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Relative Path Traversal through the runs/delete-batch endpoint. An attacker can delete arbitrary files or directories, potentially causing denial of service or data...

Aim 安全漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.19.3, which stems from unmitigated path traversal in the runs/delete-batch endpoint, and could lead to arbitrary file or directory deletion...

SUSE CVE-2022-48939

In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcubarrier Nothing prevents batch ops to...

Jenkins Plugin 跨站请求伪造漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins batch task Plugin 1.19 and earlier versions are vulnerable to cross-site request forgery. An attacker with...