Lucene search

292 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-31334

Malicious code in bioql PyPI...

4.8 CVSS · 4.3 AI score · 0.00031 EPSS
Exploits 1 · References 8

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-5863

Malicious code in bioql PyPI...

5.3 CVSS · 4.9 AI score · 0.00088 EPSS
Exploits 0 · References 9

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-49073

Malicious code in bioql PyPI...

7.5 CVSS · 5.6 AI score · 0.00177 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-26952

Malicious code in bioql PyPI...

6.7 CVSS · 6.7 AI score · 0.00015 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-30998

Malicious code in bioql PyPI...

6.7 CVSS · 6.7 AI score · 0.00058 EPSS
Exploits 0 · References 1

OSV
added 2025/09/05 12:42 p.m. · 2 views

OESA-2025-2162 binutils security update

Binutils is a collection of binary utilities, including ar for creating, modifying and extracting from archives, as a family of GNU assemblers, gprof for displaying call graph profile data, ld the GNU linker, nm for listing symbols from object files, objcopy for copying and translating object...

7.8 CVSS · 6.1 AI score · 0.00066 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/08/07 9:32 a.m. · 3 views

CVE-2025-8553

A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitiveword/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed ...

5.4 CVSS · 3.4 AI score · 0.00208 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/08/07 6:31 a.m. · 3 views

CVE-2025-8548

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email lea...

6.3 CVSS · 4 AI score · 0.00343 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/08/05 5:32 a.m. · 3 views

CVE-2025-8547 atjiu pybbs Email Verification improper authorization

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the...

6.9 CVSS · 7.3 AI score · 0.00398 EPSS
Exploits 1 · References 7

Debian CVE
added 2025/08/04 11:32 p.m. · 4 views

CVE-2025-8534

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

2.5 CVSS · 3.9 AI score · 0.0013 EPSS
Exploits 1

RedhatCVE
added 2025/08/02 8:23 p.m. · 4 views

CVE-2025-54575

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

5.3 CVSS · 6 AI score · 0.00335 EPSS
Exploits 0 · References 1

CVE
added 2025/07/26 4:2 a.m. · 50 views

CVE-2025-8177

CVE-2025-8177 affects LibTIFF up to 4.7.0. The issue is in the function setrow (tools/thumbnail.c) and leads to a buffer overflow. Local attack is required. The patch (e8c9d6c616b19438695fd829e58ae4fde5bfbc22) fixes this issue; affected deployments note the maintainer has dropped support for some...

7.8 CVSS · 5.4 AI score · 0.00072 EPSS
Exploits 1 · References 7 · Affected Software 1

Patchstack
added 2025/07/21 10:26 p.m. · 5 views

WordPress bSecure plugin 1.3.7-1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint

Missing Authorization to Unauthenticated Privilege Escalation via orderinfo REST Endpoint vulnerability discovered by kr0d in WordPress Plugin bSecure Your Universal Checkout versions 1.3.7-1.7.9...

9.8 CVSS · 6.7 AI score · 0.01142 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/07/17 10:15 p.m. · 3 views

CVE-2025-7759

A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of the argument Source leads to server-side request...

8.8 CVSS · 6.3 AI score
Exploits 0 · References 6

Patchstack
added 2025/07/16 11:38 a.m. · 5 views

WordPress DB Backup <= 6.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DB Backup versions <= 6.0...

6.5 CVSS · 6.6 AI score · 0.00067 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2025/07/14 12:0 a.m. · 3 views

WordPress Alone Theme <= 7.8.2 is vulnerable to Arbitrary File Deletion

Software: Alone; Type: Theme; Vulnerable versions: <= 7.8.2; Fixed in: 7.8.5; OWASP Top 10: A1: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2025-5393; Patch priority: High; CVSS severity: High 8.6; PSID: 5aa08c886c4e; Credits: Thái An; Required privilege: Unauthenticated...

9.1 CVSS · 7.2 AI score · 0.01804 EPSS
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2025/07/11 12:0 a.m. · 20 views

Microsoft Endpoint Configuration Manager RCE (KB31909343)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB31909343. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...

8 CVSS · 6.3 AI score · 0.01046 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/07/08 12:0 a.m. · 2 views

PT-2025-28664 · Itsourcecode · Itsourcecode Agri-Trading Online Shopping System

Name of the Vulnerable Software and Affected Versions: itsourcecode Agri-Trading Online Shopping System version 1.0 Description: A critical issue has been discovered in the itsourcecode Agri-Trading Online Shopping System. The problem affects an unknown function within the...

9.8 CVSS · 7.4 AI score · 0.00204 EPSS
Exploits 1 · References 8

NVD
added 2025/07/07 3:15 a.m. · 4 views

CVE-2025-7107

A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The...

7.5 CVSS · 0.00764 EPSS
Exploits 1 · References 7

Positive Technologies
added 2025/06/30 12:0 a.m. · 1 view

PT-2025-27390 · Sourcecodester · Best Salon Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical vulnerability has been found in the system, affecting the file /panel/search-appointment.php. The manipulation of the searchdata argument leads to SQL injection...

8.8 CVSS · 8.1 AI score · 0.00278 EPSS
Exploits 1 · References 10