93 matches found
OpenProject SQL Injection Vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 have a SQL injection vulnerability. This vulnerability arises from custom field names not being properly cleaned in SQL queries, which can allow SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2026-2302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
Arbitrary Code Execution
Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution via the Mongoid::Criteria.from_hash function. An attacker can execute arbitrary Ruby code by supplying a specially crafted Hash value. Remediation: Upgrade mongoid to version 7.6.1, 8.0.12, 8.1.12, 9.0.10 or highe...
CVE-2026-2302
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
UBUNTU-CVE-2026-2302
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
CVE-2026-2302
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
PT-2026-7435
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
CVE-2025-68271
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...
CVE-2025-68271 Unauthenticated Remote Code Execution in openc3-api
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...
OpenC3 COSMOS Security Vulnerability
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions 5.0.0 through 6.10.1, which stems from improper parsing of the text of an attacker-controlled parameter in String#convert_to_value in the JSON-RPC API, which could lead to an unauthenticated...
EUVD-2021-1469
Malware in sbrugna...
EUVD-2013-4096
Malware in sbrugna...
EUVD-2017-0326
Malware in sbrugna...
EUVD-2018-2275
Malware in sbrugna...
EUVD-2022-3027
Malicious code in bioql PyPI...
EUVD-2022-4435
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-14001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...
CVE-2025-49828
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...
CVE-2025-49828
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...