
4175 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-29458

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-44043

Malicious code in bioql PyPI...

4.4 CVSS, 6.5 AI score, 0.00288 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-30424

Malicious code in bioql PyPI...

9.8 CVSS, 7.5 AI score, 0.00046 EPSS
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-29119

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.0003 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2022-1593

Malicious code in bioql PyPI...

9.8 CVSS, 8.6 AI score, 0.01454 EPSS
Exploits: 1, References: 7

Huntr
added 2025/10/03 6:25 p.m., 4 views

text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS

Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 the latest repo, when deployed with a vision/VLM model e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL. Pure text LLMs do...

7.5 CVSS, 7.2 AI score, 0.00273 EPSS
Exploits: 0

OSV
added 2025/10/03 6:48 a.m., 3 views

CVE-2025-61589 Cursor: Potential Information Leakage via Mermaid Diagram

Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid a to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server throug...

5.9 CVSS, 7.2 AI score, 0.00048 EPSS
Exploits: 0, References: 4

OSV
added 2025/10/01 1:9 p.m., 1 views

SUSE-SU-2025:03445-1 Security update for snpguest

This update for snpguest fixes the following issues: - CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing bsc1243869. - CVE-2025-3416: openssl: use-after-free in Md::fetch and...

8.8 CVSS, 5.8 AI score, 0.00151 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/09/29 12:0 a.m., 2 views

PT-2025-39896

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 Vasion Print formerly PrinterLogic Application versions prior to 25.1.1413 Description A protection mechanism failure exists in the file get contents function...

8.5 CVSS, 6.5 AI score, 0.00094 EPSS
Exploits: 1, References: 8

Vulnrichment
added 2025/09/27 12:22 a.m., 1 views

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

9.4 CVSS, 6.1 AI score, 0.00063 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/09/27 12:0 a.m., 1 views

get-jwks security vulnerability

get-jwks is a Nearform open source utility for obtaining JWKS keys. A security vulnerability exists in get-jwks versions prior to 11.0.2, which stems from a cache poisoning issue in the JWKS key fetching mechanism that could lead to bypassing issuer authentication...

9.4 CVSS, 9.1 AI score, 0.00063 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/09/25 2:53 a.m., 4 views

CVE-2025-10832

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetchproductdetails.php. The manipulation of the argument barcode results in sql injection. The attack may be performed from remote. The exploit has bee...

9.8 CVSS, 7.2 AI score, 0.00046 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/09/24 8:30 p.m., 1 views

CVE-2025-59527

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...

7.5 CVSS, 6.6 AI score, 0.00155 EPSS
Exploits: 1, References: 1

vulnersOsv
added 2025/09/24 6:57 p.m., 3 views

org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-59343 via org.webjars.npm:tar-fs (=2.1.1)

org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...

8.7 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits: 0

Tenable Nessus
added 2025/09/24 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rustup (SUSE-SU-2025:03298-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03298-1 advisory. - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode bsc1243862 -...

8.8 CVSS, 5.3 AI score, 0.00151 EPSS
Exploits: 1, References: 7

OSV
added 2025/09/23 1:13 p.m., 1 views

SUSE-SU-2025:03307-1 Security update for sevctl

This update for sevctl fixes the following issues: - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc1243860 - CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch bsc1242618...

8.8 CVSS, 5.8 AI score, 0.00151 EPSS
Exploits: 1, References: 5

OSV
added 2025/09/23 1:13 p.m., 1 views

SUSE-SU-2025:03306-1 Security update for sevctl

This update for sevctl fixes the following issues: - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc1243860 - CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch bsc1242618...

8.8 CVSS, 5.8 AI score, 0.00151 EPSS
Exploits: 1, References: 5

SUSE Linux
added 2025/09/23 1:13 p.m., 2 views

Security update for sevctl

This update for sevctl fixes the following issues: CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc1243860 CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch bsc1242618 Patch Instructions: To install this SUSE update use the SUSE...

6.3 CVSS, 7.1 AI score, 0.00151 EPSS
Exploits: 1, References: 8

OSV
added 2025/09/23 2:15 a.m., 4 views

CVE-2025-10832

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetchproductdetails.php. The manipulation of the argument barcode results in sql injection. The attack may be performed from remote. The exploit has bee...

9.8 CVSS, 5.6 AI score, 0.00046 EPSS
Exploits: 1, References: 5

NVD
added 2025/09/23 2:15 a.m., 2 views

CVE-2025-10832

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetchproductdetails.php. The manipulation of the argument barcode results in sql injection. The attack may be performed from remote. The exploit has bee...

9.8 CVSS, 0.00046 EPSS
Exploits: 1, References: 5