CVE-2025-59976 Junos Space: Arbitrary file download vulnerability in web interface

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...

EUVD-2020-5405

Malware in sbrugna...

EUVD-2011-1837

Malware in sbrugna...

EUVD-2017-16870

Malware in sbrugna...

EUVD-2017-7362

Malware in sbrugna...

EUVD-2004-0741

Malware in sbrugna...

EUVD-2017-12311

Malware in sbrugna...

EUVD-2023-3258

Malicious code in bioql PyPI...

EUVD-2025-6943

Malicious code in bioql PyPI...

EUVD-2024-39181

Malicious code in bioql PyPI...

EUVD-2024-46849

Malicious code in bioql PyPI...

EUVD-2025-29034

Malicious code in bioql PyPI...

EUVD-2021-28731

Malicious code in bioql PyPI...

EUVD-2025-19706

Malicious code in bioql PyPI...

EUVD-2025-4195

Malicious code in bioql PyPI...

EUVD-2025-14310

Malicious code in bioql PyPI...

U.S. Dept Of Defense: Cross-Site Scripting via URL on ███████

A Cross-Site Scripting XSS vulnerability was discovered on an official domain from the Department of Defense. The vulnerability could be exploited through the GET method, allowing an attacker to inject malicious scripts that could potentially be executed. No further details were provided...

ROS-20250923-16

Vulnerability in Zabbix universal monitoring system is related to incorrect authorization check in the hostprototype.get method in Zabbix API. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information. remotely to gain access to...

CVE-2025-57772

CVE-2025-57772 affects DataEase prior to 2.10.12. A H2 JDBC RCE bypass exists where the getJdbcUrl method can return the JdbcUrl parameter, bypassing H2 filtering and allowing the JDBC URL to specify the driver (e.g., driver: org.h2.Driver) for the connection. This leads to potential remote code ...

Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...