EUVD-2025-5073

Malicious code in bioql PyPI...

CVE-2025-27145 copyparty renders unsanitized filenames as HTML when user uploads empty files

copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execu...