Lucene search
11621 matches found

EUVD-2025-6694
Source: EUVD | Added: 2025/10/03 8:07 p.m. | 5 views
Malicious code in bioql PyPI...
CVSS 6.1 | AI score 6.6 | EPSS 0.00174 | Exploits 1 | References 2

EUVD-2023-41234
Source: EUVD | Added: 2025/10/03 8:07 p.m. | 5 views
Malicious code in bioql PyPI...
CVSS 7.8 | AI score 7.7 | EPSS 0.00278 | Exploits 0 | References 1

EUVD-2022-1752
Source: EUVD | Added: 2025/10/03 8:07 p.m. | 5 views
Malicious code in bioql PyPI...
CVSS 7.5 | AI score 6.6 | EPSS 0.01427 | Exploits 0 | References 7

EUVD-2025-2610
Source: EUVD | Added: 2025/10/03 8:07 p.m. | 4 views
Malicious code in bioql PyPI...
CVSS 5.5 | AI score 7.2 | EPSS 0.00172 | Exploits 0 | References 3

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
Source: RedHat Linux | Added: 2025/10/02 5:38 p.m. | 2 views
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
CVSS 9.8 | AI score 5.9 | EPSS 0.00739 | Exploits 0 | References 5

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
Source: RedHat Linux | Added: 2025/10/02 5:34 p.m. | 1 view
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
CVSS 9.8 | AI score 5.9 | EPSS 0.00739 | Exploits 0 | References 5

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
Source: RedHat Linux | Added: 2025/10/02 2:54 p.m. | 1 view
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
CVSS 9.8 | AI score 5.9 | EPSS 0.00739 | Exploits 0 | References 5

CRLF Injection
Source: Snyk | Added: 2025/10/02 6:26 a.m. | 2 views
Overview: aioftp is an FTP client/server for asyncio. Affected versions of this package are vulnerable to CRLF Injection via the aioftp.Client.command method, which lacks checks for CR/LF characters in command strings. An attacker can add the \r\n characters and inject additional headers in the FTP...
CVSS 7.2 | AI score 7.3 | Exploits 0 | References 3

PT-2025-40341
Source: Positive Technologies | Added: 2025/10/02 12:00 a.m. | 6 views
Name of the Vulnerable Software and Affected Versions: OpenSIAC, affected versions not specified. Description: An incorrect authentication issue exists in OpenSIAC that could allow an attacker to impersonate a person using Cl@ve as an authentication method. The issue enables full Cl@ve identity...
CVSS 9.3 | AI score 6.5 | EPSS 0.00436 | Exploits 0 | References 7

PYSEC-2025-106
Source: PyPA | Added: 2025/10/01 7:15 p.m. | 10 views
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...
CVSS 9.8 | AI score 7.2 | EPSS 0.00592 | Exploits 0 | References 5 | Affected Software 1

CVE-2025-54476
Source: RedhatCVE | Added: 2025/10/01 4:22 p.m. | 3 views
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class...
CVSS 4.8 | AI score 6.2 | EPSS 0.00293 | Exploits 0 | References 1

CVE-2025-54476
Source: NVD | Added: 2025/09/30 4:15 p.m. | 7 views
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class...
CVSS 4.8 | EPSS 0.00293 | Exploits 0 | References 1

cups: Authentication Bypass in CUPS Authorization Handling
Source: RedHat Linux | Added: 2025/09/30 9:57 a.m. | 10 views
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...
CVSS 8 | AI score 7.1 | EPSS 0.00964 | Exploits 1 | References 5

Joomla! CMS Security Vulnerability
Source: CNNVD | Added: 2025/09/30 12:00 a.m. | 2 views
Joomla! CMS is an open source content management system for Joomla! A security vulnerability exists in the Joomla! CMS input filtering framework, which stems from improper handling of inputs to the checkAttribute method and could lead to a cross-site scripting attack...
CVSS 4.8 | AI score 5.8 | EPSS 0.00293 | Exploits 0 | References 2

PT-2025-40003
Source: Positive Technologies | Added: 2025/09/30 12:00 a.m. | 7 views
Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-54476. Description: Improper handling of input can result in a cross-site scripting (XSS) vector within the checkAttribute method of the input filter framework class. Recommendations: At the moment, there is no information...
CVSS 4.8 | AI score 5.5 | EPSS 0.00293 | Exploits 0 | References 11

FreeBSD : goldendict -- dangerous method exposed (4ccd6222-9c83-11f0-a337-b42e991fc52e)
Source: Tenable Nessus | Added: 2025/09/28 12:00 a.m. | 4 views
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4ccd6222-9c83-11f0-a337-b42e991fc52e advisory. [email protected] reports: GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading a...
CVSS 9.6 | AI score 5.5 | EPSS 0.00427 | Exploits 1 | References 3

CVE-2025-59939
Source: CVE | Added: 2025/09/27 12:38 a.m. | 12 views
WeGIA (Web manager for charitable institutions) prior to version 3.5.0 is vulnerable to SQL Injection in the control.php endpoint via id_produto, where malicious command input through the id_produto parameter can exploit the site. The root cause is lack of proper sanitization and validation; the ...
CVSS 8.8 | AI score 7.5 | EPSS 0.00348 | Exploits 1 | References 1 | Affected Software 1

OESA-2025-2354 python-django security update
Source: OSV | Added: 2025/09/26 1:09 p.m. | 6 views
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...
CVSS 8.1 | AI score 8 | EPSS 0.15602 | Exploits 4 | References 2

CVE-2025-11014
Source: CVE | Added: 2025/09/26 12:02 p.m. | 21 views
CVE-2025-11014 affects OGRECave OGRE up to 14.4.1, specifically the function STBIImageCodec::encode in OgreSTBICodec.cpp under the Image Handler. The issue is a heap-based buffer overflow, exploitable via local access, with an exploit publicly released. Several connected sources (Snyk entries and...
CVSS 7.8 | AI score 6.3 | EPSS 0.00222 | Exploits 1 | References 5 | Affected Software 1

CVE-2025-57329
Source: RedhatCVE | Added: 2025/09/26 10:54 a.m. | 3 views
web3-core-method is a package designed to create the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
CVSS 7.5 | AI score 6.7 | EPSS 0.00365 | Exploits 0 | References 1
