96 matches found
Malicious code in paddle-internal-scripts (npm)
Malicious package due to sensitive data exfiltration via obfuscated preinstall script. Few published versions increase suspicion. Source: amazon-inspector eae655788b800d689464263a26d904ccb45fe4aa65b61422a51325008aff3003 The package...
MAL-2026-2829 Malicious code in paddle-internal-scripts (npm)
Malicious package due to sensitive data exfiltration via obfuscated preinstall script. Few published versions increase suspicion. Source: amazon-inspector eae655788b800d689464263a26d904ccb45fe4aa65b61422a51325008aff3003 The package...
EUVD-2026-5023
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
PT-2026-5407
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.7.2 Description ChurchCRM is an open-source church management system. A SQL Injection issue exists in the /PaddleNumEditor.php endpoint. Any authenticated user, even with limited permissions, can exploit SQL...
Malicious code in paddle-subscription (npm)
MAL-2024-9751 Malicious code in paddle-subscription (npm)
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-1603 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-16...
CVE-2024-1603 confirmed
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-0818 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-08...
Path traversal
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...
CVE-2024-0818
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...
CVE-2024-0818
CVE-2024-0818 affects PaddlePaddle (
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-0917 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-09...
CVE-2024-0917
remote code execution in paddlepaddle/paddle 2.6.0...
CVE-2024-0917
PaddlePaddle vulnerability CVE-2024-0917 affects paddlepaddle/paddle 2.6.0. Root cause: code injection due to improper filtering of special elements in constructed code segments, enabling remote code execution. Impact is described as remote code execution with high confidentiality/integrity/avail...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-0815 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-08...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-0817 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-08...
CVE-2024-0815
Command injection in paddle.utils.download._wget_download bypass filter in paddlepaddle/paddle 2.6.0...