EUVD-2024-54428
Malicious code in bioql PyPI...
CVE-2025-9399 YiFang CMS L_tool.php SQL injection
A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used. The vendo...
CVE-2024-40124
Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature...
PT-2025-17202 · Unknown · Pydio Core
Name of the Vulnerable Software and Affected Versions: Pydio Core versions 8.2.5 and earlier. Description: The issue is related to Cross Site Scripting (XSS) via the New URL Bookmark feature. This allows for potential malicious script execution. Recommendations: For Pydio Core versions 8.2.5 and...
Pydio Core security vulnerability
Pydio Core is a document sharing and collaboration platform core program from Pydio, Inc. A security vulnerability exists in Pydio Core 8.2.5 and earlier versions, which stems from a cross-site scripting vulnerability in the New URL Bookmark feature...
Possible URL spoofing on wildcard path
Description: H3 provides the getRequestURL utility using the new URL(a, b) constructor. When variable a is attacker-controlled, the origin of the resulting URL can be modified. Proof of Concept (js): // index.js import { listen } from "listhen"; import { createApp, createRouter, eventHandler, toNodeListener,...