Unsafe Dependency Resolution

Overview @tygo-van-den-hurk/slyde is a Make beautifully animated Slydes and presentations from XML with ease! Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic import process of /.plugin.js,mjs files from dependencies. An attacker can execute...

EUVD-2025-21034

Malicious code in bioql PyPI...

CVE-2021-29246

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory...

Directory traversal

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory...

CVE-2021-29246

BTCPay Server vulnerability CVE-2021-29246: an authenticated attacker with administrator privileges can exploit a directory traversal flaw in BTCPay Server versions up to 1.0.7.0 by uploading a specially crafted malicious plugin file to escape the restricted directory, enabling code execution on ...