3101 matches found
EUVD-2023-53905
Malicious code in bioql PyPI...
EUVD-2024-53402
Malicious code in bioql PyPI...
EUVD-2025-27983
Malicious code in bioql PyPI...
EUVD-2024-19244
Malicious code in bioql PyPI...
EUVD-2025-28538
Malicious code in bioql PyPI...
EUVD-2024-40872
Malicious code in bioql PyPI...
EUVD-2023-48048
Malicious code in bioql PyPI...
EUVD-2025-27092
Malicious code in bioql PyPI...
EUVD-2022-43092
Malicious code in bioql PyPI...
EUVD-2022-46557
Malicious code in bioql PyPI...
EUVD-2025-21139
Malicious code in bioql PyPI...
CVE-2025-41010 Cross-origin resource sharing (CORS) in Hiberus Sintra
Incorrect Cross-Origin Resource Sharing CORS configuration in Hiberus Sintra. Cross-Origin Resource Sharing CORS allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol...
The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.
...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use MQ clients are vulnerable to password disclosure [CVE-2025-36100]
Summary The IBM MQ client code is available in the IBM App Connect Enterprise Certified Container image used by an IntegrationServer or IntegrationRuntime component. The client is vulnerable to a password disclosure vulnerability when MQ trace is enabled. This bulletin provides patch information ...
CVE-2025-39900
In the Linux kernel, the following vulnerability has been resolved: netsched: genestimator: fix esttimer vs CONFIGPREEMPTRT=y syzbot reported a WARNING in esttimer 1 Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted. Adopt preemptdisablenested/preemptenablenested to fi...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not enabling IRQ when pdata is ready, which could cause the kernel to read unreadable memory...
CVE-2025-54875
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
CVE-2025-54875
CVE-2025-54875 affects FreshRSS up to 1.26.3. An unprivileged attacker can register a new admin user when registration is enabled by manipulating the hidden field new_user_is_admin on the user management page. Impact is privilege escalation to admin with high confidentiality/integrity/availabilit...
CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...