EUVD-2022-7275

Malicious code in bioql PyPI...

EUVD-2022-2557

Malicious code in bioql PyPI...

EUVD-2024-49230

Malicious code in bioql PyPI...

EUVD-2024-3040

Malicious code in bioql PyPI...

EUVD-2022-0340

Malicious code in bioql PyPI...

EUVD-2023-1322

Malicious code in bioql PyPI...

EUVD-2023-12191

Malicious code in bioql PyPI...

CVE-2025-49844 Redis Lua Use-After-Free may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

EUVD-2025-32328

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

redis,valkey -- Running Lua function as a different user

redis reports: An authenticated user may use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem withou...

CVE-2025-48868

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

CVE-2025-48868

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

PT-2025-39264

Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.3.1 Description Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE issue exists due to the unsafe use of Python’s eval function on a user-controlled...

10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1043 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)

expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.0.9, =0.0.1, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.1 - @alphalang-ai/alphalang =0.0.1-alpha and more Source cves: CVE-2025-13204 Source advisory: SNYK:JS-EXPREVAL-13508636...

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23316 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2025-23316 Source advisory:...

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23336 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2025-23336 Source advisory:...

disable_eval

This is a Ruby gem called "disableeval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution RCE attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...

CVE-2025-8417

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...