104 matches found
Plasma Workspace security vulnerability
Plasma Workspace is an open-source application developed by the KDE GitHub Mirror project. It serves to run various components required for a Plasma-based environment. Plasma Workspace has a security vulnerability that stems from multiple issues, which may allow an infected plasmalogin service...
CVE-2026-25877
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...
Sean1025 YMFE YApi security vulnerability
Sean1025 YMFE YApi is an open-source application developed by Sean1025. It provides a visual interface for managing platforms. Version 1.12.0 of Sean1025 YMFE YApi contains a security vulnerability. This vulnerability stems from improper certificate verification, which may lead to the disabling o...
CVE-2025-23040
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of a maliciously crafted remote URL. GitHub Desktop...
iWT FaceSentry Access Control System security vulnerability
The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from susceptibility to cross-site request forgery attacks and could lead to the...
EUVD-2020-7216
Malware in sbrugna...
EUVD-2025-11860
Malicious code in bioql PyPI...
EUVD-2023-2619
Malicious code in bioql PyPI...
EUVD-2023-53276
Malicious code in bioql PyPI...
EUVD-2024-3554
Malicious code in bioql PyPI...
EUVD-2023-2918
Malicious code in bioql PyPI...
aiven-db-migrate path traversal vulnerability
aiven-db-migrate is an Aiven open source application. A path traversal vulnerability exists in aiven-db-migrate versions prior to 1.0.7, which stems from an elevation of privilege vulnerability that could lead to superuser privilege acquisition...
PT-2025-31882 · Unknown · Trilium Notes
Name of the Vulnerable Software and Affected Versions: Trilium Notes versions prior to 0.97.0. Description: Trilium Notes is a cross-platform hierarchical note taking application. A brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess...
CVE-2025-53938
WeGIA has an authentication bypass vulnerability in the /dao/verificar_recursos_cargo.php API endpoint, affecting versions prior to 3.4.5. Unauthenticated users can access protected functionality and retrieve sensitive information by crafting HTTP requests without session cookies or tokens. Versi...
CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...
CVE-2025-53936
WeGIA is vulnerable to a Reflected XSS in the personalizacao_selecao.php endpoint via the nome_car parameter on versions prior to 3.4.5. The issue arises from insufficient input filtering/escaping, enabling injection of malicious scripts. Version 3.4.5 fixes the vulnerability. Remediation: upgrad...
CVE-2025-53933 WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'adicionar_enfermidade.php' parameter 'nome'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_enfermidade.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...
CVE-2025-49149 Dify has XSS vulnerability
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user...
CVE-2024-55889
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...
CVE-2023-39527
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...