49 matches found
GHSA-8GPM-H2MH-36QC Eclipse BaSyx Java Server SDK vulnerable to Path Traversal
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
UBUNTU-CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
UBUNTU-CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
Eclipse BaSyx Java Server SDK Code Issue Vulnerability
Eclipse BaSyx Java Server SDK is an industrial digitalization development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained code vulnerabilities. These vulnerabilities stemmed from the Operation Delegation feature not verifying th...
EUVD-2023-1097
Malicious code in bioql PyPI...
EUVD-2022-25029
Malicious code in bioql PyPI...
EUVD-2024-3335
Malicious code in bioql PyPI...
EUVD-2023-1214
Malicious code in bioql PyPI...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2023-52891
A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.5, SIMATIC Energy Manager PRO All versions V7.5, SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions, SIMIT V10 All versions, SIMIT V11 All versions V11.1. Unified Automation .NET based OPC UA...
Malicious code in paypal-server-sdk (npm)
Source: ghsa-malware 2031c18b112a375fcbcf727d2a0ca070c13daadc4477fa5a6e61a5e60957f676 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1162 Malicious code in paypal-server-sdk (npm)
Source: ghsa-malware 2031c18b112a375fcbcf727d2a0ca070c13daadc4477fa5a6e61a5e60957f676 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-server-sdk (npm)
Source: ghsa-malware 99319a0fd3901abbb085faaaf7efaf653934eae74c3d6d4e442005aa875e822d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-362 Malicious code in node-server-sdk (npm)
Source: ghsa-malware 99319a0fd3901abbb085faaaf7efaf653934eae74c3d6d4e442005aa875e822d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in operation-server-sdk (npm)
Source: ghsa-malware 562d8b7d5fca6f14e6a57f77567f7fbb054ae76c5e77c760fc622107d046bd88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11061 Malicious code in operation-server-sdk (npm)
Source: ghsa-malware 562d8b7d5fca6f14e6a57f77567f7fbb054ae76c5e77c760fc622107d046bd88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...