31 matches found
EUVD-2005-2260
Malware in sbrugna...
EUVD-2018-7847
Malware in sbrugna...
EUVD-2019-16121
Malware in sbrugna...
EUVD-2022-32497
Malicious code in bioql PyPI...
EUVD-2023-27054
Malicious code in bioql PyPI...
GHSA-6V92-R5MX-H5FX smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module
A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code...
CVE-2025-47787 Emlog Pro Contains a File Upload Vulnerability
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation...
CVE-2025-44831
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface...
BIT-GITLAB-2024-10307 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request...
PYSEC-2025-22
A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. Lack of validation of LLM-generated output allows an attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
CVE-2025-27506 NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
NocoDB is software for building databases as spreadsheets. The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site Scripting. The endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-Site Scripting. The flaw occurs due to...
BELL-CVE-2024-57852
Bulletin has no description...
CVE-2024-54951
Monica 4.1.2 is vulnerable to Cross-Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS...
GHSA-469F-WF4F-3JJV Magento Improper Access Control vulnerability
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated...
CVE-2022-2128
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4...
CVE-2024-21775
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to authenticated SQL injection in the report exporting feature...
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...
Croc Security Breach
croc is a tool from the individual developers at Zack that allows any two computers to simply and securely transfer files and folders. A security vulnerability exists in Croc version 9.6.5 and earlier versions, which stems from a protocol that requires the sender to provide its local IP address...
Authorization Bypass
gvfs has an improper authorization flaw in daemon/gvfsdaemon.c in gvfsd...
CVE-2018-10852
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...