EUVD-2021-30901

Malicious code in bioql PyPI...

EUVD-2024-2536

Malicious code in bioql PyPI...

CVE-2024-52005

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

CVE-2024-52005

CVE-2024-52005 affects Git via ANSI escape sequence injections in the sideband channel. A PoC demonstrates exploitation; affected versions include pre-2.48.1, 2.47.3, 2.46.5, 2.45.4, and 2.44.3. Impacts include hiding/misrepresenting output, fake security prompts, social‑engineering payloads, and...

CVE-2024-8571 erjemin roll_cms views.py information exposure

A vulnerability was found in erjemin rollcms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file rollcms/rollcms/views.py. The manipulation leads to information exposure through error message. This product takes the...

gitoxide-core does not neutralize special characters for terminals

Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...

Legal Robot: content spoofing

go to 'Sign in to Legal Robot Ideas Portal' this link 'https://legalrobot.ideas.aha.io/portalsession/new' 2.and enters invalid login credential , the user will the redirected to this link:...

ProductCart XSS Vulnerability

ProductCart XSS Vulnerability found by atomix i came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as script and iframe to be used: http://www.website.com/ProductCart/pc/msg.asp?message=scriptalert document.cookie;/script...