208 matches found
kroki 安全漏洞
kroki is an open source icon creation tool from Yuzu tech. A security vulnerability exists in kroki, which stems from an insufficient cleanup of the convert function, which could result in sending requests to arbitrary URLs and disclosing sensitive information...
AVideo 安全漏洞
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from multiple public API endpoints leaking absolute filesystem paths, potentially exposing the underlying filesystem structure...
PT-2025-50295
Name of the Vulnerable Software and Affected Versions Taguette versions prior to 1.5.2 Description Taguette is a qualitative research tool susceptible to an open redirect issue. Attackers can create malicious URLs that redirect authenticated users to arbitrary external websites. The application...
Caido 注入漏洞
Caido is an application from Caido open source. Designed to help security professionals and enthusiasts audit web applications efficiently and easily. An injection vulnerability exists in versions prior to Caido 0.53.0 that stems from mishandling of the Markdown renderer, which could result in an...
Tutor 安全漏洞
Tutor is an Overhang.IO open source tool for deploying and managing the Open edX platform. A security vulnerability exists in Tutor version 20.0.2, which stems from the lack of proper cache control HTTP headers and client-side session checking, and could lead to a local unauthorized attacker...
PT-2025-47501
Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description Rallly is a scheduling and collaboration tool. An Insecure Direct Object Reference IDOR exists in the poll duplication endpoint /api/trpc/polls.duplicate. An authenticated user can bypass access...
Conda Constructor 安全漏洞
Conda Constructor is a Conda open source tool for creating installers from conda packages. A security vulnerability exists in Conda Constructor 3.12.2 and earlier versions, which stems from the installation directory inheriting parent directory permissions, which could lead to modification...
CVE-2025-62528
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
EUVD-2025-35097
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...
Flowise 安全漏洞
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise 3.0.4 and earlier versions, which stems from a Supabase RPC Filter field that is not cleaned and escaped from user input, which could lead to remote code execution...
DataEase 跨站脚本漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A cross-site scripting vulnerability exists in DataEase 2.10.13 and...
EUVD-2021-0002
Malware in sbrugna...
EUVD-2021-0649
Malware in sbrugna...
EUVD-2018-0077
Malware in sbrugna...
Flowise 安全漏洞
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise versions prior to 3.0.5 that stems from an unfiltered IFRAME element and could lead to a cross-site scripting attack...
EUVD-2025-2886
Malicious code in bioql PyPI...
EUVD-2025-19715
Malicious code in bioql PyPI...
EUVD-2023-0128
Malicious code in bioql PyPI...
EUVD-2022-0640
Malicious code in bioql PyPI...
EUVD-2023-26628
Malicious code in bioql PyPI...