
103 matches found

CNNVD
added 2026/02/04 12:0 a.m. | 5 views

@apollo/server Security Vulnerability

@apollo/server is a JavaScript code package open-sourced by Apollo GraphQL. Versions prior to 3.13.0, 4.13.0, and 5.4.0 of @apollo/server contain security vulnerabilities. These vulnerabilities stem from improper handling of encoded requests using special character sets in the default...

CVSS 7.5 | AI score 5.9 | EPSS 0.00054
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-19386

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00235
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0295

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00162
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-19385

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00165
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-49121

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.01527
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2021-29309

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-7768

Malicious code in bioql PyPI...

CVSS 2.7 | AI score 6.4 | EPSS 0.00197
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-28579

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00509
Exploits: 0 | References: 1

NVD
added 2025/05/12 3:15 p.m. | 16 views

CVE-2024-56524

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request...

CVSS 9.1 | EPSS 0.00297
Exploits: 0 | References: 2

CVE
added 2025/05/12 12:0 a.m. | 64 views

CVE-2024-56524

CVE-2024-56524 — Radware Cloud WAF: The Radware Cloud Web Application Firewall before 2025-05-07 allows bypass of firewall filtering by adding a special character to the request (and by non-deterministic GET-body data in some reports). The CVE affects Radware Cloud WAF versions prior to the patch...

CVSS 9.1 | AI score 7.1 | EPSS 0.00297
Exploits: 0 | References: 2 | Affected Software: 1

Mozilla
added 2025/04/29 12:0 a.m. | 26 views

Security Vulnerabilities fixed in Thunderbird 138 — Mozilla

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVSS 9.1 | AI score 8 | EPSS 0.00304
Exploits: 0 | References: 11 | Affected Software: 1

CNVD
added 2025/04/25 12:0 a.m. | 1 view

TOTOLINK A810R Command Execution Vulnerability

The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R suffers from a command execution vulnerability that stems from the failure of the NoticeUrl parameter in the setNoticeCfg function to correctly filter constructed command special character...

CVSS 9.8 | AI score 7 | EPSS 0.32324
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/15 6:18 a.m. | 3 views

CVE-2025-27398

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of...

CVSS 2.7 | AI score 6.9 | EPSS 0.00197
Exploits: 0 | References: 1

NVD
added 2025/03/11 10:15 a.m. | 6 views

CVE-2025-27398

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of...

CVSS 2.7 | EPSS 0.00197
Exploits: 0 | References: 1

Zero Day Initiative
added 2025/03/03 12:0 a.m. | 19 views

Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of specia...

CVSS 9.8 | AI score 6.8 | EPSS 0.17409
Exploits: 0

Vulnrichment
added 2025/02/28 12:0 a.m. | 3 views

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password...

AI score 6.7 | EPSS 0.00077
Exploits: 1 | References: 1

NVD
added 2025/01/27 5:15 p.m. | 10 views

CVE-2024-48418

In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands...

CVSS 8.8 | EPSS 0.00124
Exploits: 1 | References: 2

OSV
added 2025/01/17 3:7 p.m. | 11 views

BIT-PYTHON-MIN-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 | AI score 6.7 | EPSS 0.00161
Exploits: 1 | References: 47

Tenable Nessus
added 2025/01/13 12:0 a.m. | 10 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1010)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822...

CVSS 5.3 | AI score 7.1 | EPSS 0.00161
Exploits: 1 | References: 2

OSV
added 2025/01/03 5:28 p.m. | 6 views

GHSA-HWCP-2H35-P66W PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

Cross-Site Scripting XSS vulnerability of the hyperlink base in the HTML page header Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS...

CVSS 5.4 | AI score 5.6 | EPSS 0.00905
Exploits: 1 | References: 4