124 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-16682

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00371
Exploits: 0 | References: 2

NVD
added 2025/09/30 11:37 a.m. | 3 views

CVE-2024-58040

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...

CVSS 9.1 | EPSS 0.00216
Exploits: 0 | References: 3

NVD
added 2025/09/17 7:15 a.m. | 25 views

CVE-2025-9216

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...

CVSS 8.8 | EPSS 0.00819
Exploits: 1 | References: 5

OpenVAS
added 2025/09/10 12:00 a.m. | 7 views

Huawei EulerOS: Security Advisory for coreutils (EulerOS-SA-2025-2002)

The remote host is missing an update for the Huawei EulerOS...

CVSS 4.4 | AI score 6.7 | EPSS 0.00209
Exploits: 0 | References: 2

CVE
added 2025/08/27 2:02 p.m. | 19 views

CVE-2025-9532

Portabilis i-Educar up to version 2.10 contains a SQL injection in the RegraAvaliacao/view path triggered by manipulating the ID parameter. The flaw is exploitable remotely and has published proof-of-concept materials in public references. Multiple sources (Red Hat, NVD, CVE lists, and vendor-foc...

CVSS 8.8 | AI score 6.6 | EPSS 0.00369
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2025/08/27 10:25 a.m. | 20 views

CVE-2025-30064

Technical details about CVE-2025-30064 are not publicly provided in the supplied connected documents. Monitor for updates from official advisories; current sources do not reveal affected products, versions, or remediation steps.

CVSS 8.8 | AI score 6.2 | EPSS 0.00077
Exploits: 0 | References: 1

Github Security Blog
added 2025/08/22 8:58 p.m. | 9 views

gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

In version before, sig.s is used without asserting 0 ≤ S < order in the Verify function in eddsa.go and ecdsa.go, which leads to a signature malleability vulnerability. Impact: Since gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same publi...

CVSS 9.1 | AI score 5.4 | EPSS 0.00198
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/08/20 11:32 p.m. | 11 views

CVE-2025-9264 Xuxueli xxl-job Jobs JobInfoController.java remove resource injection

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...

CVSS 5.5 | EPSS 0.00314
Exploits: 1 | References: 5

Vulnrichment
added 2025/08/09 2:02 a.m. | 3 views

CVE-2025-55149 Path Traversal Vulnerability in PDF Review Function (CWE-22)

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research, from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the review_paper function in backend/app.py. The...

CVSS 8.8 | AI score 7.2 | EPSS 0.00597
Exploits: 0 | References: 1

Veracode
added 2025/08/06 4:21 a.m. | 2 views

Arbitrary Code Execution

skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent operator function handling due to a flaw in OperatorFuncNode that allows untrusted operator methods to be hidden and reused to invoke seemingly safe functions...

CVSS 8.7 | AI score 6 | EPSS 0.00131
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2025/07/23 12:00 a.m. | 4 views

The vulnerability of the Mail function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Mail function in the MyBB forum creation software is related to insufficient testing of requests on the server side. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 8 | AI score 5.5 | EPSS 0.00365
Exploits: 1 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/06/18 12:00 a.m. | 2 views

The vulnerability of the mbedtls_ssl_set_hostname function in Mbed TLS software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the mbedtls_ssl_set_hostname function in Mbed TLS software is related to insecure resource initialization. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 5.4 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 5 | Affected Software: 3

OSV
added 2025/06/06 10:15 a.m. | 3 views

CVE-2025-48780

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object...

CVSS 9.8 | AI score 6.2 | EPSS 0.0046
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:13 p.m. | 7 views

CVE-2021-22313

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

CVSS 7.5 | AI score 6.9 | EPSS 0.00695
Exploits: 0 | References: 1

Veracode
added 2025/05/20 6:31 a.m. | 6 views

Insufficient Control Flow Management

Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to the Vyper compiler skipping evaluation of the start argument in the slice function when length is 0 and the source is a special location like msg.data or .code, which allows an attacker to suppress execution of...

CVSS 6.3 | AI score 6.7 | EPSS 0.00384
Exploits: 0 | References: 6 | Affected Software: 1

BDU FSTEC
added 2025/04/09 12:00 a.m. | 4 views

The vulnerability of the rand() function in the Crypt-Random random number generation module for Perl allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the rand function in the Crypt-Random random number generation module for Perl is related to errors in the code of the pseudo-random number generator. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

CVSS 10 | AI score 5.6 | EPSS 0.00376
Exploits: 0 | References: 7 | Affected Software: 1

CNNVD
added 2025/04/04 12:00 a.m. | 1 views

aiven-extras code issue vulnerability

aiven-extras is an aiven open source tool that enables non-super users to access certain database functions. A code issue vulnerability exists in aiven-extras versions prior to 1.1.15, which stems from a format function that does not use a schema prefix, and could lead to elevated privileges...

CVSS 9.1 | AI score 6.7 | EPSS 0.00402
Exploits: 0 | References: 2

NVD
added 2025/04/03 2:15 p.m. | 8 views

CVE-2025-32053

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html and skip_insignificant_space functions may lead to a heap buffer over-read...

CVSS 6.5 | EPSS 0.00523
Exploits: 0 | References: 9

OSV
added 2025/04/03 2:13 p.m. | 6 views

BIT-JOOMLA-2021-26037 [20210703] - Core - Lack of enforced session termination

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked...

CVSS 5.3 | AI score 5.6 | EPSS 0.01005
Exploits: 0 | References: 2

BDU FSTEC
added 2025/03/27 12:00 a.m. | 2 views

The vulnerability of the sctp_sf_ootb() function in the net/sctp/sm_statefuns.c module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the sctp_sf_ootb function in the net/sctp/sm_statefuns.c module of the Linux kernel is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.7 | EPSS 0.00266
Exploits: 0 | References: 19 | Affected Software: 7