62 matches found
EUVD-2009-2161
Malware in sbrugna...
EUVD-2018-3581
Malware in sbrugna...
EUVD-2013-4609
Malware in sbrugna...
EUVD-2019-2109
Malware in sbrugna...
EUVD-2024-0622
Malicious code in bioql PyPI...
EUVD-2022-27697
Malicious code in bioql PyPI...
EUVD-2025-25135
Malicious code in bioql PyPI...
EUVD-2025-6157
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-43523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo,...
CVE-2025-51990
XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An authenticated administrator can inject arbitrary JavaScript payloads into the HTTP...
Catalyst-Plugin-Session 安全漏洞
Catalyst-Plugin-Session is a Catalyst open source application. A security vulnerability exists in Catalyst-Plugin-Session versions prior to 0.44 that stems from an insecure way of generating session IDs, which could lead to session hijacking...
CVE-2025-53886 Directus doesn't redact tokens in Flow logs
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...
PT-2025-29527 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. When using Directus Flows with the WebHook trigger, all incoming request details, including security-sensitiv...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 9.0.0 through 11.9.0, which stems from WebHook triggering the logging of sensitive data, which could lead to...
CVE-2025-4754
CVE-2025-4754 describes an Insufficient Session Expiration vulnerability in ash_authentication_phoenix (ash-project) that enables session hijacking. Affected component: lib/ash_authentication_phoenix/controller.ex; affected until version 2.10.0. Reported impact includes tokens remaining valid aft...
CVE-2024-31204
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEVMODE. The system saves...
CVE-2023-26449
The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...
CVE-2023-46851
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remot...
CVE-2023-47628
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...