607 matches found
EUVD-2025-12680
Malicious code in bioql PyPI...
EUVD-2025-10546
Malicious code in bioql PyPI...
EUVD-2025-32041
Malicious code in bioql PyPI...
EUVD-2025-7443
Malicious code in bioql PyPI...
CVE-2025-61188
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...
CVE-2025-61189
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...
CVE-2025-61189
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...
CVE-2025-61188
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...
CVE-2025-61188
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...
CVE-2025-61189
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...
CVE-2025-61188
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...
PT-2025-40299
Name of the Vulnerable Software and Affected Versions Jeecgboot versions 3.8.2 and earlier Description Jeecgboot versions 3.8.2 and earlier are susceptible to a path traversal issue. The /sys/comment/addFile API endpoint allows attackers to upload files with system-whitelisted extensions to the...
CVE-2025-61189
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...
CVE-2025-61188
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...
CVE-2025-61189
CVE-2025-61189 affects Jeecgboot versions 3.8.2 and earlier. A path traversal vulnerability in the /sys/comment/addFile endpoint allows uploading files with system‑whitelisted extensions to the system directory /opt instead of the intended /opt/upFiles directory, enabling potential unauthorized f...
A week in security (September 22 – September 28)
Last week on Malwarebytes Labs: Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data Google and Flo to pay $56 million after misusing users’ health data Neon App pays users to record their phone calls, sells data for AI training updated New SVG-based phishing campaign ...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10499
CVE-2025-10499 : The WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You (up to version 3.12.0) is vulnerable to a Cross‑Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the maybe_opt_in() function. This allows unauthenticated attackers to trigger e...