Exploit for CVE-2025-30208
Disclaimer: The vulnerabilities described in this document, a...
Directory Traversal
agentscope is vulnerable to Directory Traversal. The vulnerability is due to improper validation of user-supplied file paths in the /read-examples endpoint, allowing attackers to traverse directories and access arbitrary JSON files...
com.github.sakserv:hadoop-mini-clusters (=0.0.14), com.github.sakserv:hadoop-mini-clusters-oozie (>=0.1.1 <=0.1.16) +13 more potentially affected by CVE-2025-26796 via org.apache.oozie:oozie-core (>=4.1.0 <=5.2.1)
org.apache.oozie:oozie-core MAVEN version =4.1.0, =0.1.1, =1.0, =1.2, =4.2.0, =5.2.0, =4.1.0, =4.2.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =5.2.1 - org.kitesdk:kite-data-oozie =1.1.0 Source cves: CVE-2025-26796 Source advisory: SNYK:JAVA-ORGAPACHEOOZIE-9512888...
External Control of File Name or Path
Overview: agentscope is AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to External Control of File Name or Path through the /read-examples endpoint. An attacker can read any local JSON file, such as one containing API keys, by sending a crafted POST...
aporacle (>=0.0.126 <=0.0.143), assemblit (>=0.1.11 <=0.1.13) +17 more potentially affected by CVE-2024-8183 via prefect (>=2.0.0b16 <=2.19.4)
prefect PYPI version =2.0.0b16, =0.0.126, =0.1.11, =5.2.3, =2.37.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =0.3.2, =0.0.217, =0.1.1, =0.15.3, =0.6.5, =0.6.8 - orchestration-utils =0.0.1 - prefect-duckdb =0.1.0a1 and more Source cves: CVE-2024-8183 Source advisory: SNYK:PYTHON-PREFECT-9487016...
ai.h2o:sparkling-water-api-generation_2.11 (>=3.34.0.3-1-2.2 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-api-generation_2.12 (>=3.34.0.3-1-3.0 <=3.46.0.6-1-3.5) +9 more potentially affected by CVE-2024-10572 via ai.h2o:h2o-ext-xgboost (>=3.34.0.1 <=3.46.0.6)
ai.h2o:h2o-ext-xgboost MAVEN version =3.34.0.1, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.1-1-2.2, =3.34.0.1-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =2.0.0, =2.0.1 Source cves: CVE-2024-10572 Source advisory:...
CVE-2024-8524
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
PYSEC-2025-83
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
AgentScope Security Vulnerability
AgentScope is an open source application from ModelScope for building LLM-based multi-agent applications more simply. A security vulnerability exists in AgentScope version 0.0.4, caused by a directory traversal in the /read-examples endpoint, which allows an attacker to read...
Penetration Testing Steps and Tools
This whitepaper goes over reconnaissance of a target, various types of attacks leveraged during penetration testing, and provides examples of the commands used in the process...
MAL-2025-2186 Malicious code in paymaster-bundler-examples (npm)
Source: ghsa-malware 976dfeb2cefe9c3b2fc6b0da31c62937a4bdbaabc387c7f16ce1a86e2b872e7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paymaster-bundler-examples (npm)
Source: ghsa-malware 976dfeb2cefe9c3b2fc6b0da31c62937a4bdbaabc387c7f16ce1a86e2b872e7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2040 Malicious code in grpc-examples (npm)
Source: ghsa-malware b24550ca95d1b3f32e64730ef0909c4080788c96e910d97b45b9e598e4b9c222 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2025-24752
CVE-2025-24752-POC Introduction This python application c...
DEBIAN-CVE-2025-21814
In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set. The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c,...
Malicious code in realtime-examples (npm)
Source: ghsa-malware 30a419d00d6726fcd2d97dfde72e8d41922e2fe0a0179c77beae95f697990241 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1526 Malicious code in realtime-examples (npm)
Source: ghsa-malware 30a419d00d6726fcd2d97dfde72e8d41922e2fe0a0179c77beae95f697990241 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in 1password-sdk-examples (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain...
PT-2025-7214 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A Path Traversal vulnerability was discovered in the WeGIA application, affecting the examples.php endpoint. This issue could allow an attacker to gain unauthorized access to sensitive information...