Bird-lg-go 安全漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Previous versions of bird-lg-go, including 6187a4e, contained security vulnerabilities. These vulnerabilities stemmed from the traceroute module’s use of shlex.Split to parse user input without proper validation. This could allow remot...

CVE-2026-22777

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...

About SQL Injection – Django (CVE-2025-64459) vulnerability

About SQL Injection - Django CVE-2025-64459 vulnerability. Django is a free and open-source high-level Python web framework. The vulnerability allows attackers to manipulate database query logic by injecting internal query parameters connector and negated when applications pass user-controlled...

EUVD-2024-50261

Malicious code in bioql PyPI...

Alkacon OpenCms XSS via query parameter in a search action

Cross-site scripting XSS vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...