16 matches found

Veracode
added 2025/12/13 4:49 a.m. | 3 views

Arbitrary File Upload

net.mingsoft, ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in the /ms/template/writeFileContent.do component, which allows an attacker to upload arbitrary files and potentially execute malicious code on the server...

9.8 CVSS | 7.6 AI score | 0.00678 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-51092

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00276 EPSS
Exploits: 0 | References: 1
OSV
added 2025/08/01 1:43 a.m. | 2 views

MAL-2025-6757 Malicious code in risk-profile-widget (npm)

The package communicates with a domain associated with malicious activity...

7.1 AI score
Exploits: 0
Vulnrichment
added 2025/07/28 2:43 p.m. | 1 views

CVE-2025-53696

iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected...

9.3 CVSS | 6.6 AI score | 0.00042 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2025/04/16 12:0 a.m. | 1 views

Firmware Version Change Detected (Critical)

Changes in the controller firmware represent a major change in the behavior of the device and usually cause a temporary interruption of operations. An attacker could use firmware changes to add malicious code to the controller, causing it to perform harmful operations which are hard to detect. Th...

5.5 AI score
Exploits: 0
OSV
added 2025/04/02 6:53 a.m. | 2 views

MAL-2025-3050 Malicious code in @hongfangze/pack (npm)

Source: ghsa-malware 7e73a080830e05ba03056d448f8fc7711301bb1c7c5e13797c1f192b7373be10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1
OSV
added 2024/10/10 11:15 p.m. | 5 views

PYSEC-2024-216

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

7.5 CVSS | 7.5 AI score | 0.00222 EPSS
Exploits: 0 | References: 1
OSV
added 2024/07/17 3:52 p.m. | 3 views

GHSA-P3F3-5CCG-83XQ dbt has an implicit override for built-in materializations from installed packages

Impact What kind of vulnerability is it? Who is impacted? When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...

4.2 CVSS | 5.9 AI score | 0.00124 EPSS
Exploits: 1 | References: 11
Positive Technologies
added 2023/08/28 12:0 a.m. | 2 views

PT-2023-5203 · Apache · Apache Airflow Hdfs Provider

Name of the Vulnerable Software and Affected Versions: Apache Airflow HDFS Provider versions prior to 4.1.1 Description: The issue is related to the Apache Airflow HDFS Provider, where a documentation error pointed users to an incorrect pip package. This package name was unclaimed, potentially...

7.8 CVSS | 7.4 AI score | 0.00492 EPSS
Exploits: 0 | References: 9
RedHat Linux
added 2023/07/13 8:51 a.m. | 2 views

Mozilla: Lack of warning when opening Diagcab files

The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code...

7.8 CVSS | 7.2 AI score | 0.00048 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2023/06/07 12:0 a.m. | 4 views

PT-2023-17401 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.10.8 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 Description: An issue has been discovered in GitLab CE/EE where an attacker can spoof protected tags. This could...

4.3 CVSS | 6.5 AI score | 0.00445 EPSS
Exploits: 0 | References: 12
ATTACKERKB
added 2022/08/08 2:15 p.m. | 0 views

CVE-2022-2356

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded...

8.8 CVSS | 5.9 AI score | 0.00894 EPSS
Exploits: 2 | References: 2
Positive Technologies
added 2022/08/08 12:0 a.m. | 1 views

PT-2022-16075 · WordPress · Frontend File Manager & Sharing

Name of the Vulnerable Software and Affected Versions: Frontend File Manager & Sharing WordPress plugin versions prior to 1.1.3 Description: The issue allows users to upload files without proper filtering of file extensions, potentially leading to the upload of malicious code. Recommendations: Fo...

8.8 CVSS | 8.6 AI score | 0.00894 EPSS
Exploits: 2 | References: 6
CERT
added 2004/09/14 12:0 a.m. | 43 views

Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations

Overview Microsoft Internet Explorer IE treats arbitrary files as images during drag and drop mouse operations. This could allow an attacker to trick a user into copying a file to a location where it may be executed, such as the Windows StartUp folder. Description IE treats any file referenced by...

5 CVSS | 7.5 AI score | 0.45909 EPSS
Exploits: 1 | References: 7
exploitpack
added 2003/12/30 12:0 a.m. | 34 views

Microsoft Windows XP2000 - showHelp .CHM File Execution (MS03-004)

Microsoft Windows XP2000 - showHelp .CHM File Execution MS03-004 source: https://www.securityfocus.com/bid/9320/info Microsoft Windows is prone to a security flaw in the implementation of the showHelp function. Microsoft previously released patches that provide security measures to prevent abuse ...

7.5 AI score
Exploits: 0
securityvulns
added 2000/07/28 12:0 a.m. | 94 views

Microsoft Security Bulletin MS00-051: Patch Available for "Excel REGISTER.ID Function" Vulnerability. Originally posted: July 26, 2000. Summary: Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Microsoft Excel 97 an...

7 AI score
Exploits: 0