Lucene search
K

607 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12680

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.30 views

EUVD-2025-10546

Malicious code in bioql PyPI...

6.9CVSS6.3AI score0.0027EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32041

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00244EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7443

Malicious code in bioql PyPI...

9.1CVSS5AI score0.00341EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/02 11:27 p.m.16 views

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

6.3CVSS6.9AI score0.00244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/02 11:27 p.m.10 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

6.3CVSS6.9AI score0.00244EPSS
Exploits1References1
NVD
NVD
added 2025/10/01 8:18 p.m.4 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

6.3CVSS0.00244EPSS
Exploits1References1
NVD
NVD
added 2025/10/01 8:18 p.m.3 views

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

6.3CVSS0.00244EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/01 12:0 a.m.7 views

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

0.00244EPSS
Exploits1References1
OSV
OSV
added 2025/10/01 12:0 a.m.3 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

6.3CVSS6.9AI score0.00244EPSS
Exploits1References3
OSV
OSV
added 2025/10/01 12:0 a.m.3 views

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

6.3CVSS6.9AI score0.00244EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.5 views

PT-2025-40299

Name of the Vulnerable Software and Affected Versions Jeecgboot versions 3.8.2 and earlier Description Jeecgboot versions 3.8.2 and earlier are susceptible to a path traversal issue. The /sys/comment/addFile API endpoint allows attackers to upload files with system-whitelisted extensions to the...

6.3CVSS6.7AI score0.00244EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/10/01 12:0 a.m.2 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

6.5AI score0.00244EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/01 12:0 a.m.2 views

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

6.5AI score0.00244EPSS
Exploits1References1
CVE
CVE
added 2025/10/01 12:0 a.m.12 views

CVE-2025-61189

CVE-2025-61189 affects Jeecgboot versions 3.8.2 and earlier. A path traversal vulnerability in the /sys/comment/addFile endpoint allows uploading files with system‑whitelisted extensions to the system directory /opt instead of the intended /opt/upFiles directory, enabling potential unauthorized f...

6.3CVSS6.5AI score0.00244EPSS
Exploits1References1Affected Software1
Malwarebytes
Malwarebytes
added 2025/09/29 7:1 a.m.7 views

A week in security (September 22 – September 28)

Last week on Malwarebytes Labs: Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data Google and Flo to pay $56 million after misusing users’ health data Neon App pays users to record their phone calls, sells data for AI training updated New SVG-based phishing campaign ...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/28 2:41 a.m.9 views

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

4.3CVSS5.2AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2025/09/27 3:15 a.m.9 views

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

4.3CVSS0.00151EPSS
Exploits0References3
OSV
OSV
added 2025/09/27 3:15 a.m.5 views

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

4.3CVSS5.6AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2025/09/27 2:25 a.m.24 views

CVE-2025-10499

CVE-2025-10499 : The WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You (up to version 3.12.0) is vulnerable to a Cross‑Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the maybe_opt_in() function. This allows unauthenticated attackers to trigger e...

4.3CVSS4.9AI score0.00151EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder