617 matches found
PYSEC-2025-83
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
AgentScope Security Vulnerability
AgentScope is an open source ModelScope application for building LLM-based multi-agent applications more simply. AgentScope version 0.0.4 contains a security vulnerability that stems from directory traversal in the /read-examples endpoint, which allows an attacker to read...
Penetration Testing Steps and Tools
This whitepaper goes over reconnaissance of a target, various types of attacks leveraged during penetration testing, and provides examples of the commands used in the process...
MAL-2025-2186 Malicious code in paymaster-bundler-examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 976dfeb2cefe9c3b2fc6b0da31c62937a4bdbaabc387c7f16ce1a86e2b872e7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paymaster-bundler-examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 976dfeb2cefe9c3b2fc6b0da31c62937a4bdbaabc387c7f16ce1a86e2b872e7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2040 Malicious code in grpc-examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b24550ca95d1b3f32e64730ef0909c4080788c96e910d97b45b9e598e4b9c222 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2025-24752
CVE-2025-24752-POC Introduction This python application c...
DEBIAN-CVE-2025-21814
In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set. The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c,...
Malicious code in realtime-examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30a419d00d6726fcd2d97dfde72e8d41922e2fe0a0179c77beae95f697990241 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1526 Malicious code in realtime-examples (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30a419d00d6726fcd2d97dfde72e8d41922e2fe0a0179c77beae95f697990241 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in 1password-sdk-examples (npm)
This package runs commands in a pre-install script that exfiltrate sensitive data to an attacker-controlled domain...
PT-2025-7214 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A Path Traversal vulnerability was discovered in the WeGIA application, affecting the examples.php endpoint. This issue could allow an attacker to gain unauthorized access to sensitive information...
Vulnerability-learning
It is an offensive tool for web application security. The reposi...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2024-50379: Fixed remote code execution (RCE) due to TOCTOU issue in JSP compilation (bsc#1234663). CVE-2024-54677: Fixed denial-of-service (DoS) attack in examples web application (bsc#1234664). Patch Instructions: To install this SUSE update use the...
Small business owners, secure your web shop
An online shop is more than just another way to sell your products. It comes with a responsibility to keep the web shop secure. Cybercriminals are looking to steal your customers’ credit card details, their personal data, and even your revenue. And it’s not as if using a platform that is used by...
com.baidu.hugegraph:hugegraph-cassandra (>=0.7.4 <=0.11.2), com.baidu.hugegraph:hugegraph-dist (>=0.7.4 <=0.11.2) +97 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=3.10 <=3.11.17)
org.apache.cassandra:cassandra-all MAVEN version =3.10, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =6.5.13, =6.5.13, =6.5.250 and more Source cves: CVE-2025-23015 Source advisory:...
MAL-2025-1050 Malicious code in shader-examples (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be893a664956943dd2d7acfe083a05148592f7ce7adb2991f68fd577391651ab Any computer that has this package installed or running should be considered...
Malicious code in shader-examples (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be893a664956943dd2d7acfe083a05148592f7ce7adb2991f68fd577391651ab Any computer that has this package installed or running should be considered...
Malicious code in blockly-examples (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-809 Malicious code in blockly-examples (npm)
--- -= Per source details. Do not edit below this line.=-...