5 matches found
EUVD-2025-29625
Malicious code in bioql PyPI...
CVE-2025-59334
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...
CVE-2025-59334 Linkr allows manifest tampering leading to arbitrary file injection
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...
PT-2025-38060
Name of the Vulnerable Software and Affected Versions: Linkr versions through 2.0.0 Description: Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr does not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a...
UBUNTU-CVE-2022-34471
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This...