258 matches found
EUVD-2018-0192
Malware in sbrugna...
Command Injection
Overview: @samanhappy/mcphub is a hub server for MCP servers. Affected versions of this package are vulnerable to Command Injection via the serverController.ts process. A user can execute arbitrary operating system commands by supplying crafted input to the command or args parameters. Remediatio...
EUVD-2025-18699
Malicious code in bioql PyPI...
EUVD-2022-53002
Malicious code in bioql PyPI...
EUVD-2025-28864
Malicious code in bioql PyPI...
EUVD-2023-54038
Malicious code in bioql PyPI...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the CheckSpecies function in the ChemKinFormat process. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a heap-based buffer overflow...
Arbitrary Code Injection
Overview: simstudio is a Sim Studio CLI - Run Sim Studio with a single command. Affected versions of this package are vulnerable to Arbitrary Code Injection via the route.ts function. An attacker can execute arbitrary code by supplying crafted input to the code argument. Remediation: A fix was pushe...
CVE-2025-9658
A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /xportalassembledesigner/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possibl...
CVE-2025-9649
A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calcsleeptime of the file sendpackets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version...
CVE-2025-9514
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...
CVE-2025-9514
Summary (CVE-2025-9514): Macrozheng Mall versions up to 1.0.3 have a vulnerability in the Registration component. The flaw allows weak password requirements, potentially enabling unauthorized remote access. Exploitation is described as highly complex with difficult exploitability. The provided d...
PT-2025-34840 · Unknown · Macrozheng Mall
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3. Description: A flaw exists in the Registration component of the software, impacting an unknown function. This issue results in weak password requirements, potentially allowing unauthorized access. The atta...
CVE-2025-8191
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...
CVE-2025-6282
The CVE-2025-6282 issue affects xlang-ai OpenAgents, specifically the create_upload_file function in backend/api/file.py, where a path traversal vulnerability is introduced. Multiple connected sources confirm the vulnerability is critical and that the exploit has been disclosed publicly, with Ope...
CVE-2025-6282 xlang-ai OpenAgents file.py create_upload_file path traversal
A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the publ...
GHSA-7G45-4RM6-3MM3
creationtimestamp | type | source
---|---|---
2025-06-16 19:47:05+00:00 | seen | https://gist.github.com/safer-bot/76f63c635db1f22c29c431efd3dc847b
2025-06-16 20:08:28+00:00 | seen | https://gist.github.com/safer-bot/3c07d6cb9d4d50c65b92850fe6b9f2d9
2025-06-17 11:01:06+00:00 | seen | ...
GO-2025-3724 Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server
Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the Management Console. An attacker can execute arbitrary code by injecting malicious input into the console. Remediation: There is no fixed version for com.weibo:rill-flow. References: GitHub Issue...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the manipulation of the pathtoincludes argument. Remediation: There is no fixed version for stb. References: GitHub Issue...