EUVD-2025-12145
Malicious code in bioql PyPI...
How Good LLM-Generated Password Policies Are?
Generative AI technologies, particularly Large Language Models (LLMs), are rapidly being adopted across industry, academia, and government sectors, owing to their remarkable capabilities in natural language processing. However, despite their strengths, the inconsistency and unpredictability of LLM...
Doppler: Github app(link) Takeover Listed on "https://docs.doppler.com/docs/github-actions" page
A GitHub app presented on a Doppler documentation page was vulnerable to takeover, enabling attackers to achieve malicious objectives. The app link has since been removed or replaced to mitigate this vulnerability...
GHSA-47P7-XFCC-4PV9 php-imap vulnerable to RCE through a directory traversal vulnerability
Summary: An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Details: An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...
Outdated Interface Implementation
Lines of code. Vulnerability details. Impact: The Chainlink aggregator interface used by the project is outdated and does not permit the project to properly sanitize the price values it receives. Recommended Mitigation Steps: The interface is to be updated according to the official Chainlink...
Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code
Kodex Community Edition (CE) is an open-source toolkit for privacy and security engineering. It helps you automate data security and data protection measures in your data engineering workflows. It offers the following functionality: read data items from a variety of sources such as files,...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
No description provided by source. File: shoutbox.php. Affects: ShoutPro 1.5.2 (may affect earlier versions). Date: 17th April 2007. Issue Description: =========================================================================== ShoutPro 1.5.2 fails to fully sanitize user input $shout that it writes...
YASAT - Yet Another Stupid Audit Tool
YASAT (Yet Another Stupid Audit Tool) is a simple, stupid audit tool. Its goal is to be as simple as possible, with minimal binary dependencies (only sed, grep and cut). Its second goal is to document each test with maximum information and links to official documentation. It does many tests for checking...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
Exploit for unknown platform in category web applications =========================================================== ShoutPro ?php echo "...
ShoutPro 1.5.2 - 'shout.php' Remote Code Injection
?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "%3C%3F%24a%3D...