12 matches found
EUVD-2025-23970
Malicious code in bioql PyPI...
EUVD-2022-48648
Malicious code in bioql PyPI...
CVE-2025-54368
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
CVE-2024-53278
Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen...
Cross site scripting
OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users...
CVE-2022-45792
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...
Directory traversal
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...
CVE-2022-45792 Directory Traversal in Project File Format allows overwrite (Zip Slip)
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...
JVN#58574030: Scanning evasion issue in Cisco Secure Email Gateway
Cisco Secure Email Gateway provides an anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade the anti-virus scanning facility. Impact: Some malicious contents may evade the scanning facility of the affected product and reach victim recipients. Solution...
CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...
Cross-Site Scripting (XSS)
pngquant-bin is vulnerable to cross-site scripting (XSS) attacks. The raw.github.com subdomain does not properly sanitize user-generated content, allowing an attacker to upload potentially malicious contents...
CVE-2000-0578
SGI MIPSPro compilers (C, C++, F77, F90) populate /tmp with predictable temporary file names. This allows a local attacker to modify contents of those files while a build is performed by another user, as described in CVE-2000-0578. The vulnerability stems from how temporary files are created duri...