CVE-2026-34585

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...

EUVD-2022-6382

Malicious code in bioql PyPI...

CVE-2023-48257

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution RCE with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...

CVE-2023-48257

This CVE (CVE-2023-48257) refers to Bosch Nexo cordless nutrunner devices. Affects the device’s ability to access sensitive data inside exported packages or achieve remote code execution with root privileges. Exploitation possibilities described across sources include direct attack by authenticat...

CVE-2023-48257

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution RCE with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...

PT-2022-26168 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8 XWiki Platform versions prior to 14.6 Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view...

CVE-2020-7678

This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js"...

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lpupload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

CVE-2017-13706

XML external entity XXE vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery SSRF attacks, conduct internal port...

Lansweeper XML External Entity Injection Vulnerability

Lansweeper is a network-assisted software that lists Windows hardware from Lansweeper Belgium. An XML external entity injection vulnerability exists in the import package feature in versions of Lansweeper prior to 6.0.100.67. A remote attacker can exploit this vulnerability to cause a denial of...