
639 matches found

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2021-9584

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.4, EPSS 0.00765
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-49651

Malicious code in bioql PyPI...

CVSS 8.5, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 1
RedhatCVE
added 2025/09/27 12:49 a.m., 5 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

CVSS 8.4, AI score 7.3, EPSS 0.00271
Exploits: 0, References: 1
CNNVD
added 2025/09/26 12:00 a.m., 1 views

Notepad++ Security Vulnerability

Notepad++ is an open source plain text editor by Don Ho, an individual developer in Taiwan, China. A security vulnerability exists in Notepad++ version 8.8.3, which originates from DLL hijacking and could lead to the execution of malicious code...

CVSS 8.4, AI score 6.9, EPSS 0.00271
Exploits: 0, References: 4
Positive Technologies
added 2025/09/26 12:00 a.m., 6 views

PT-2025-39673

Name of the Vulnerable Software and Affected Versions: Notepad++ versions 8.8.3 and earlier. Description: Notepad++ version 8.8.3 contains a DLL hijacking flaw. This allows an attacker to replace original DLL files, such as NppExport.dll, with malicious versions, leading to arbitrary code execution...

CVSS 8.4, AI score 7.2, EPSS 0.00271
Exploits: 0, References: 45
RedhatCVE
added 2025/09/19 11:27 a.m., 2 views

CVE-2025-10156

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the...

CVSS 9.8, AI score 6.7, EPSS 0.01428
Exploits: 1, References: 1
RedhatCVE
added 2025/09/19 10:25 a.m., 3 views

CVE-2025-10155

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...

CVSS 9.3, AI score 6.8, EPSS 0.00816
Exploits: 1, References: 1
CNNVD
added 2025/09/17 12:00 a.m., 2 views

picklescan Security Vulnerability

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan version 0.0.30 and earlier, which stems from an insufficient module name check that could lead to bypassing insecure global checks and executing malicious code...

CVSS 9.3, AI score 6.3, EPSS 0.00761
Exploits: 1, References: 3
RedhatCVE
added 2025/09/08 3:12 a.m., 14 views

CVE-2025-58374

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...

CVSS 7.8, AI score 8.1, EPSS 0.00199
Exploits: 0, References: 1
RedhatCVE
added 2025/08/16 3:27 p.m., 8 views

CVE-2025-7971

A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash...

CVSS 7.3, AI score 7.8, EPSS 0.00115
Exploits: 0, References: 1
Github Security Blog
added 2025/08/07 8:52 p.m., 8 views

uv allows ZIP payload obfuscation through parsing differentials

Impact: In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

CVSS 6.8, AI score 6.4, EPSS 0.00183
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2025/08/05 1:00 p.m., 5 views

CVE-2025-54948

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...

CVSS 9.4, AI score 6.8, EPSS 0.20253
Exploits: 0, References: 1
Cvelist
added 2025/08/05 12:03 a.m., 8 views

CVE-2025-54865 Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed...

CVSS 7.3, EPSS 0.00358
Exploits: 1, References: 2
Positive Technologies
added 2025/08/05 12:00 a.m., 4 views

PT-2025-31888 · Mediawiki · Tilesheets

Name of the Vulnerable Software and Affected Versions: Tilesheets MediaWiki Extension, affected versions not specified. Description: The Tilesheets MediaWiki Extension includes a table lookup parser function that retrieves images based on item requests. A missing backtick in a query executed by the...

CVSS 7.3, AI score 6.9, EPSS 0.00358
Exploits: 1, References: 6
Vulnrichment
added 2025/07/29 5:56 p.m., 3 views

CVE-2025-6637 PRT File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.4, EPSS 0.00156
Exploits: 0, References: 2
Positive Technologies
added 2025/07/20 12:00 a.m., 2 views

PT-2025-30200 · Emby · Windows

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The software is susceptible to unrestricted file uploads of dangerous types. This allows for the potential execution of malicious code or compromise of system...

CVSS 8.8, AI score 6.4, EPSS 0.0032
Exploits: 0, References: 5
CNNVD
added 2025/07/08 12:00 a.m., 3 views

Quiter Gateway Cross-Site Scripting Vulnerability

Quiter Gateway is an API interface from Quiter Spain. A cross-site scripting vulnerability exists in Quiter Gateway versions prior to 4.7.0, which stems from the presence of reflective cross-site scripting in the idfactura parameter, which could lead to the execution of malicious code...

CVSS 5.4, AI score 6.2, EPSS 0.00201
Exploits: 0, References: 1
CNVD
added 2025/07/08 12:00 a.m., 4 views

WordPress WP Optimize By xTraffic Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress WP Optimize By xTraffic that stems from the application not properly validating user-submitted code, which can be exploited b...

CVSS 9.8, AI score 7.4, EPSS 0.00461
Exploits: 0, References: 1
CNNVD
added 2025/07/08 12:00 a.m., 2 views

Quiter Gateway Cross-Site Scripting Vulnerability

Quiter Gateway is an API interface from Quiter Spain. A cross-site scripting vulnerability exists in Quiter Gateway versions prior to 4.7.0, which stems from the presence of reflective cross-site scripting in the campo parameter, which could lead to the execution of malicious code...

CVSS 6.1, AI score 6.2, EPSS 0.00223
Exploits: 0, References: 1
RedhatCVE
added 2025/06/28 3:17 p.m., 6 views

CVE-2025-53002

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...

CVSS 9.8, AI score 8.7, EPSS 0.0103
Exploits: 1, References: 1