5 matches found
EUVD-2025-29400
Malicious code in bioql PyPI...
Jenkins LTS < 2.516.3 / Jenkins weekly < 2.528 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.516.3 or Jenkins weekly prior to 2.528. It is, therefore, affected by multiple vulnerabilities: - In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21,...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
MicroTalk App Has SMS Bombing Vulnerability
MicroTalk App is a calling application. MicroTalk App has an SMS bombing vulnerability. By capturing the packets of the forgot-password function, an attacker can send unlimited CAPTCHA messages to a cell phone, consuming server resources and carrying out SMS bombing...
Logic Design Vulnerability in Tlink IoT Cloud Service Platform Android App
TLINK Internet of Things is an open platform for Internet of Things products of Shenzhen Analog Technology Co. A logical design vulnerability exists in the Android App password recovery function of Tlink IoT cloud service platform. It allows the attacker to send unlimited SMS to the modified cell...