27 matches found
EUVD-2022-7567
Malicious code in bioql PyPI...
EUVD-2025-5558
Malicious code in bioql PyPI...
Exploit for Path Traversal in Oxidized_Web_Project Oxidized_Web
CVE-2025-27590 - PoC Exploit Command Injection via Multipart...
CVE-2019-25088
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/confsearch.haml. The manipulation of the argument toresearch leads to cross site scripting. It is possible to launch the attack remotely. The...
Unauthorized Account Takeover
oxidized-web is vulnerable to Unauthorized Account takeover. The vulnerability is due to missing authentication in the RANCID migration page, allowing an unauthenticated user to gain control over the Linux user account running oxidized-web...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
GHSA-JX6P-9C26-G373 Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
Directory Traversal
Overview: oxidized-web is a puma+sinatra+haml webUI + REST API for oxidized. Affected versions of this package are vulnerable to Directory Traversal through the RANCID migration page. An attacker can gain control over the Linux user account running the application by exploiting this vulnerability...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
Oxidized Web Path Traversal Vulnerability
Oxidized Web is a Web UI + RESTful API for Oxidized, maintained by the individual developer ytti. A security vulnerability exists in Oxidized Web versions prior to 0.15.0 that stems from a RANCID migration page that allows an unauthenticated user to take control of a Linux user account running oxidized-web...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
PT-2025-9270 · Unknown · Oxidized-Web
Name of the Vulnerable Software and Affected Versions: oxidized-web versions prior to 0.15.0. Description: The RANCID migration page in oxidized-web allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. This issue can lead to remote code execution...
CVE-2025-27590
The CVE concerns oxidized-web (Oxidized Web) before version 0.15.0, where the RANCID migration page can be accessed without authentication and allows an attacker to gain control over the Linux user account running oxidized-web. Public details in connected documents describe the issue as a path tr...
Cross-Site Scripting (XSS)
oxidized-web is vulnerable to cross-site scripting. The vulnerability exists in confsearch.haml due to manipulation of the argument toresearch, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
Overview: oxidized-web is a puma+sinatra+haml webUI + REST API for oxidized. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input provided to the toresearch argument in web/views/confsearch.haml. Details: Cross-site scripting or XSS is a...
Oxidized Web vulnerable to Cross-site Scripting
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/confsearch.haml. The manipulation of the argument toresearch leads to cross site scripting. It is possible to launch the attack remotely. The...