46 matches found
CVE-2018-25398
Open ISES Project 3.30A is affected by an SQL injection in main.php via the frm_passwd parameter. Unauthenticated attackers can send crafted POST requests to extract database information (usernames, database names, version details). The issue is documented across CVE entries (CVE-2018-25398). No ...
MAL-2026-4424 Malicious code in @remitee-money-transfer/rmt-base (npm)
Source: amazon-inspector 5f21c6601855c2f2d0a5d0761d3defe8c0ba1708dd2a67fb278c03e0abd6ba16 Package ships only a preinstall lifecycle script scripts/preinstall.sh and no functional code. On npm install, the script reads /etc/passwd and...
CVE-2026-3029
A path traversal and arbitrary file write vulnerability exists in the embedded get function in 'main.py' in PyMuPDF version 1.26.5...
UBUNTU-CVE-2026-3029
A path traversal and arbitrary file write vulnerability exists in the embedded get function in 'main.py' in PyMuPDF version 1.26.5...
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...
CVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
OESA-2026-1013 unrtf security update
UnRTF is a command-line program written in C which converts documents in Rich Text Format (.rtf) to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: changes in the text's font, size, weight (bold), and slant (italic); underlines and...
CVE-2022-35008
PNGDec commit 8abf6be was discovered to contain a stack overflow via /linux/main.cpp...
CVE-2025-50361
A buffer overflow was found in SmallBASIC community SmallBASIC with SDL before v1228, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe, in the function main.cpp, which can lead to potential information leakage and crash...
DedeBIZ Security Vulnerability
DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelistmain.php, which could lead to a SQL injection...
ASB-A-374746961
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-24965
Malicious code in bioql PyPI...
EUVD-2025-30384
Malicious code in bioql PyPI...
CVE-2025-10767
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. The...
CVE-2025-10767 CosmodiumCS OnlyRAT Configuration File main.py remote_download os command injection
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. The...
Unspecified Vulnerability in Google Android (CNVD-2025-19996)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which originates from a logic error in multiple functions in hyp-main.c. An attacker could exploit this vulnerability to cause a local information leak...
CVE-2025-0078
In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22413
In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-9001
A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be...
CVE-2025-9001 LemonOS HTTP Client main.cpp HTTPGet stack-based overflow
A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be...