46 matches found
EUVD-2021-1113
Malware in sbrugna...
EUVD-2019-4701
Malware in sbrugna...
EUVD-2022-38396
Malicious code in bioql PyPI...
EUVD-2021-30816
Malicious code in bioql PyPI...
EUVD-2022-41780
Malicious code in bioql PyPI...
EUVD-2022-49776
Malicious code in bioql PyPI...
EUVD-2025-23163
Malicious code in bioql PyPI...
EUVD-2023-2674
Malicious code in bioql PyPI...
EUVD-2022-4404
Malicious code in bioql PyPI...
CVE-2025-52567
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...
CVE-2025-52567
GLPI vulnerability CVE-2025-52567 affects GLPI versions 0.84–10.0.18 where using RSS feeds or external calendars during planning allows SSRF. The issue is fixed in version 10.0.19. Related sources note an unauthenticated access path via the planning feature (phishing context) and server-side requ...
CVE-2025-52567 GLPI has overly permissive URL verification
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...
PT-2025-31384 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.84 through 10.0.18 Description: GLPI is an Asset and IT Management Software package. Versions 0.84 through 10.0.18 are susceptible to a Server-Side Request Forgery (SSRF) exploit when using RSS feeds or external calendars for...
CVE-2025-47293
PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their...
PT-2025-26199
Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 2.5.0 Description: The issue concerns urllib3, a Python HTTP client library, which does not control redirects in browsers and Node.js prior to version 2.5.0. This library supports being used in a Pyodide runtime,...
FreeBSD : grafana -- XSS vulnerability (45eb98d6-3b13-11f0-97f7-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 45eb98d6-3b13-11f0-97f7-b42e991fc52e advisory. [email protected] reports: A cross-site scripting (XSS) vulnerability exists in Grafana caused by...
CVE-2025-4123
Grafana OSS is affected by CVE-2025-4123, a cross-site scripting (XSS) flaw caused by a combination of client path traversal and an open redirect. The issue does not require editor permissions; it can be triggered when anonymous access is enabled, causing arbitrary JavaScript execution in the use...
CVE-2025-32358
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This coul...