CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

CVE-2026-34359 HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

EUVD-2017-10439

Malware in sbrugna...

EUVD-2022-0096

Malicious code in bioql PyPI...

EUVD-2025-29192

Malicious code in bioql PyPI...

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

PT-2025-37565

Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes Lite version 2.0.0 Description: The GetHttpsResponse method transmits sensitive information – including internal server URLs, account IDs, passwords, and device tokens – as plaintext query parameters over HTTPS. The affected...

PYSEC-2022-301

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

PYSEC-2022-301

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

CVE-2022-39280 Regular expression denial of service in dparse

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

CVE-2022-39280 Regular expression denial of service in dparse

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

GHSA-8FG9-P83M-X5PQ ReDoS issue in dparse

Impact dparse versions prior to 0.5.1 contain a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. All users parsing index server URLs with dparse are impacted by this vulnerability. Patches The Patch is applied in the 0.5.2 version, all users are recommended to...

PT-2022-24866 · Pypi · Dparse

Name of the Vulnerable Software and Affected Versions: dparse versions prior to 0.5.2 Description: dparse is a parser for Python dependency files. The issue concerns a regular expression that is vulnerable to a Regular Expression Denial of Service ReDoS. All users parsing index server URLs with...

Code injection

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476...

Researchers Find Trojan Using Facebook

Researchers at Symantec have discovered a trojan that uses Facebook to communicate with a control and command server. Dubbed “whitewell” this malware spreads via email, contacts the mobile version of Facebook and uses its Notes section to perform actions based on the Notes titles. Andrea Lelli...