26 matches found
EUVD-2019-19113
Malware in sbrugna...
EUVD-2024-17321
Malicious code in bioql PyPI...
EUVD-2025-18540
Malicious code in bioql PyPI...
EUVD-2025-22409
Malicious code in bioql PyPI...
EUVD-2024-32744
Malicious code in bioql PyPI...
EUVD-2021-28120
Malicious code in bioql PyPI...
EUVD-2022-31947
Malicious code in bioql PyPI...
CVE-2025-54451
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...
CVE-2025-37107
An authentication bypass vulnerability exists in HPE AutoPass License Server APLS prior to 9.18...
CVE-2025-47550
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through = 3.3.16...
CVE-2025-32408
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...
CVE-2025-32375 Insecure Deserialization leads to RCE in BentoML's runner server
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...
GHSA-3VX9-2CH5-M6R6 vulnerabilities
Vulnerabilities for packages: mysql...
Apache Doris Path Traversal Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Foundation. It can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in...
CVE-2024-49653
Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server. This issue affects Portfolleo: from n/a through = 1.2...
CVE-2025-0473
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimportauthorities’ endpoint. When a file is uploaded via this...
CVE-2024-12086
The CVE-2024-12086 entry concerns rsync. A flaw in rsync’s checksum-based comparison during client→server file transfer can enable a server to enumerate contents of files on the client by sending crafted checksum values and analyzing responses. The connected documents confirm rsync is affected an...
CVE-2024-49366 Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier reads the value from the json field without verification, so a value in the form of ../../ can be constructed. Arbitrary files can be written to the server, which may result in loss of permissions...
Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper validation of a...
PT-2023-11653 · Red Hat · Spice-Server
Name of the Vulnerable Software and Affected Versions: spice-server version 0.14.0-6.el7_6.1.x86_64. Description: A security issue was discovered in Red Hat's VDI product, allowing a KVM virtual machine to be restarted without authorization. The full extent of the effects is not yet known...