32 matches found
CVE-2025-40889
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...
EUVD-2025-8226
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
inter-mediator/fmdataapi is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in FMDataAPISample.php due to improper input validation, which allows an attacker to inject and execute arbitrary JavaScript...
Stored Cross-Site Scripting (XSS)
github.com/answerdev/answer is vulnerable to Stored Cross-Site Scripting (XSS) attacks. Due to insufficient user input validation, this vulnerability allows attackers to target other users or administrators and gain control of their accounts by executing malicious JavaScript in the victim's session...
Denial Of Service (DoS)
apache-airflow-providers-google is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to improper input validation in cloudsql.py, resulting in an application crash...
USN-5826-1: Privoxy vulnerabilities
Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-44540) Artem Ivanov discovered that Privoxy incorrectly handled input validations. An attacker could possibly use this issue to perform...
Arbitrary Code Injection
azure-cli is vulnerable to arbitrary code injection. The vulnerability exists in azure-cli only when running on Windows, due to incorrect input validation during the submission of values containing & or | symbols, which allows an attacker to inject and execute malicious code into the system...
Cross-Site Scripting (XSS)
rdiffweb is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in fullname, username and email, which allows a remote attacker to inject and execute malicious JavaScript into the system...
CVE-2014-0144
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privilege...
Integer overflow
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privilege...
Mageia: Security Advisory (MGASA-2020-0036)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0414)
The remote host is missing an update for the...
CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
DEBIAN-CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
UBUNTU-CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
CVE-2021-45847
Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file...
Joomla! 2.5.x < 3.9.17 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.17. It is, therefore, affected by multiple vulnerabilities: - Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups...
Joomla 2.5.x < 3.9.17 Multiple Vulnerabilities (5807-joomla-3-9-17)
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.17. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow...
Joomla! 2.5.0 - 3.9.16 Multiple Vulnerabilities
Joomla! is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; ifdescription...
CVE-2020-11890
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration...