401 matches found
EUVD-2023-30274
Malicious code in bioql PyPI...
EUVD-2021-34008
Malicious code in bioql PyPI...
EUVD-2023-31743
Malicious code in bioql PyPI...
EUVD-2025-20085
Malicious code in bioql PyPI...
EUVD-2025-7453
Malicious code in bioql PyPI...
EUVD-2023-43018
Malicious code in bioql PyPI...
EUVD-2023-43017
Malicious code in bioql PyPI...
EUVD-2024-53001
Malicious code in bioql PyPI...
EUVD-2022-1439
Malicious code in bioql PyPI...
ROS-20251002-02
A vulnerability in the Netty networking software is associated with incorrect validation of HTTP/1.1 requests. Exploitation of the vulnerability could allow an attacker acting remotely to perform spoofing attacks against HTTP requests.
CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
Student Result Management System Using PHP Cross-Site Request Forgery Vulnerability
Student Result Management System Using PHP is a student result management system. A cross-site request forgery vulnerability exists in Student Result Management System Using PHP, which stems from a Profile Page that does not adequately validate that a request is coming from a trusted user, no...
DragonFly's manager generates mTLS certificates for arbitrary IP addresses
A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the pee...
CVE-2025-20270 Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of reques...
PT-2025-35806
Name of the Vulnerable Software and Affected Versions: Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified). Description: A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and...
CVE-2025-40703
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
OpenAtlas Cross-Site Scripting Vulnerability
OpenAtlas is an Android non-proxy dynamic deployment framework from the Austrian company OpenAtlas. A cross-site scripting vulnerability exists in OpenAtlas version v8.9.0, which stems from insufficient validation of user input in a POST request and could lead to a cross-site scripting attack...
Linux Distros Unpatched Vulnerability : CVE-2025-38264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t to ensure it's not part of any list, otherwise a malicious R2T PDU might injec...
DEBIAN-CVE-2025-38494
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid...
UBUNTU-CVE-2025-38430
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure...