PT-2025-35166
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in the /setting/employee salary setup.php file. The ddlEmpName argument is susceptible to manipulation, potentially allowing for remote exploitatio...
PT-2025-35163
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A weakness exists in an unknown functionality of the file /setting/month setup.php. Manipulation of the txtMonthName argument can lead to SQL injection. The attack can be...
SUSE CVE-2024-48908
lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...
MAL-2025-191796 Malicious code in mulaptested-pakname (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fe9ba6c7da3568c9fc879641c190c301a2bd8a349b38a44295eb2924139c78b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in mulaptested-pakname (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fe9ba6c7da3568c9fc879641c190c301a2bd8a349b38a44295eb2924139c78b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in notary-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6777fd3be7abdd8775b30e889a1bd66c4bef8af1794600867fc7292a8b9bcd0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2024-48908 lychee-action vulnerable to arbitrary code injection in composite action
lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...
CVE-2024-48908
The CVE-2024-48908 entry relates to the lychee-action composite action, where the lychee-setup step in action.yml could enable arbitrary code injection prior to version 2.0.2. Affected component: lychee-action (via lychee-setup). Root cause: insecure handling in the setup of lychee within the com...
lychee link checking action affected by arbitrary code injection in composite action
Summary There is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. Details The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. PoC yaml - uses: lycheeverse/lychee@v2...
GHSA-65RG-554R-9J5X lychee link checking action affected by arbitrary code injection in composite action
Summary There is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. Details The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. PoC yaml - uses: lycheeverse/lychee@v2...
Privilege Escalation
github.com/operator-framework/operator-sdk is vulnerable to Privilege Escalation. The vulnerability is due to the usersetup script setting /etc/passwd to group-writable, allowing attackers to modify it and gain root privileges within the container...
Lychee Code Injection Vulnerability
Lychee is a beautiful and easy-to-use photo management system open-sourced by The Lychee Organisation. It is used to manage and share photos. A code injection vulnerability exists in Lychee versions prior to 2.0.2, which stems from a possible arbitrary code injection in lychee-setup...
PT-2025-35094
Name of the Vulnerable Software and Affected Versions: lychee link checking action versions prior to 2.0.2 Description: The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. This can potentially compromise the security of the target...
PT-2025-34862 · Linksys · Linksys E1700
Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003 Description: A stack-based buffer overflow vulnerability exists in the QoSSetup function of the /goform/QoSSetup file. Manipulation of the ack policy argument can trigger the overflow, potentially allowing fo...
Linux Distros Unpatched Vulnerability : CVE-2020-6095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup...
Linksys E1700 Security Vulnerability
The Linksys E1700 is a wireless router from Linksys, USA. A security vulnerability exists in Linksys E1700 version 1.0.0.4.003, which stems from a stack buffer overflow due to incorrect manipulation of the parameter ackpolicy in the file /goform/QoSSetup...
Linux Distros Unpatched Vulnerability : CVE-2020-16125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu an...
PT-2025-37981
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified Description: The Linux kernel contains an issue where the communication buffer allocated by setup_mm_hdr was not contiguous, despite being expected to be by tee_shm_register_kernel_buf. This could le...
Malicious code in xx-ent-wiki-sm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5ebf0745c51c955dbe898efb0f6b721f30dd75edc24b4ee234e8574cee3da9d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...