EUVD-2025-7815

Malicious code in bioql PyPI...

CVE-2025-27839

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation genuineness check that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible...

CVE-2024-6695 profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...

CVE-2024-6695

CVE-2024-6695 affects the WordPress plugin Profile Builder (

Node.js third-party modules: property-expr - Prototype pollution

I would like to report Prototype pollution in property-expr It allows attacker to modify the prototype of a base object. Module module name: property-expr version: 2.0.2 npm page: https://www.npmjs.com/package/property-expr Module Description Tiny property path utilities, including path parsing a...

How to pass the command injection vulnerability fix Yahoo subsidiary production servers-vulnerability warning-the black bar safety net

One, Foreword Time to get back to 5 May 20, the night before that, I spent several days time to study the Yahoo Messenger app, still can't figure out how it works, but annoying headache and neck pain and looking for me. So I decided to go for a walk, find a new target. Then I noticed a very...