31 matches found
EUVD-2025-18138
Malicious code in bioql PyPI...
EUVD-2021-28919
Malicious code in bioql PyPI...
EUVD-2025-11076
Malicious code in bioql PyPI...
EUVD-2025-1734
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-9283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A clie...
Updated mariadb packages fix security vulnerabilities
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through...
CVE-2024-56324 GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins
GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse the ability to edit the raw XML configuration for groups they administer to trigger XML External Entity (XXE) injection on the GoCD server. Theoretically, the XXE vulnerability can result in...
Adobe ColdFusion vulnerability used in attacks on government servers
The Cybersecurity and Infrastructure Security Agency (CISA) put out a Cybersecurity Advisory (CSA) to alert government agencies about cybercriminals using a vulnerability in Adobe ColdFusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...
Design/Logic Flaw
The responses to web queries with certain parameters disclose the internal paths of resources. This information can be used to learn the internal structure of the application and to further plot attacks against web servers and deployed web applications...
Visual Studio Code Server Files Detected
Visual Studio Code is a popular source-code editor provided by Microsoft, with extensions offering a variety of extra functionality including remote workspace access via SSH. Use of this remote workflow creates a hidden directory named .vscode-server on the remote server which may be exposed with...
Malicious IIS extensions quietly open persistent backdoors into servers
Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little...
GHSA-PV7H-HX5H-MGFJ Unsafe deserialization in com.alibaba:fastjson
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...
CVE-2021-41921
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution...
Unrestricted file upload
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution...
CVE-2021-41921
CVE-2021-41921 affects novel-plus v3.6.1, where unrestricted uploads (suffixes and contents) enable server attacks and arbitrary code execution. The connected PT-2022-11503 entry confirms the issue stems from allowing unrestricted file uploads and recommends strict file type validation, content c...
NovelPlus code issue vulnerability
NovelPlus is an open source mobile social application and idea publishing platform. A security vulnerability exists in NovelPlus V3.6.1 that allows unrestricted file uploads. Unrestricted file extensions and content could lead to server attacks and arbitrary code execution...
PT-2022-11503 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.1 Description: The issue allows unrestricted file uploads, which can lead to server attacks and arbitrary code execution due to unrestricted file suffixes and contents. Recommendations: For novel-plus version 3.6.1,...
ROS-2-1625
2.1625 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...