7 matches found
EUVD-2025-30191
Malicious code in bioql PyPI...
CVE-2025-54754
An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device...
Shaanxi Public Software Co., Ltd. website building system has SQL injection vulnerabilities
Ltd. is a modern technology enterprise that has been focusing on the promotion and application of industry informatization construction and management technology, integrating industry informatization system, development of professional software and technical training service. Shaanxi public...
jsc: Crash in jsc
Detailed report: https://oss-fuzz.com/testcase?key=4816702556078080
Project: jsc
Job Type: asanjsc
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0xfffffffffffffff0
Crash State: jsc jsc jsc
Sanitizer: address ASAN
Regressed:...
GHSA-8P5P-FF7X-HW7Q Cross-Site Scripting in public
Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: Upgrade to version 0.1.4 or later...
Path Traversal in public
Versions of public before 0.1.3 are vulnerable to path traversal. The package does not sanitize file paths, so a malicious user can read any file on the server that the parent process has access to. Recommendation: Update to version 0.1.3 or later...
Shaanxi Public Software Co., Ltd. website building system has SQL injection vulnerabilities in multiple parameters
Ltd. has been focusing on the promotion and application of industry informatization construction and management technology, and is a modern high-tech enterprise integrating industry informatization system, development of professional software and technical training service. Shaanxi public softwar...