67 matches found
GHSA-5XRQ-8626-4RWP When Vitest UI server is listening, arbitrary file can be read and executed
Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network using --api.host or api.host config opti...
Missing Authorization
Overview @vitest/browser is a Browser running for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connectin...
CVE-2026-9302
546669204 vps-inventory-monitoring (VpsTest Console) is affected via the VpsTest.php file’s eval usage. The vulnerability arises from manipulating the argument vf in the function eval, allowing remote code execution. Public exploit exists. The project uses a rolling release, and the CVE record do...
vps-inventory-monitoring code injection vulnerability
vps-inventory-monitoring is a web inventory monitoring tool developed by individual developer 546669204. vps-inventory-monitoring has a code injection vulnerability, which stems from the use of the eval function in the VpsTest Console component file app/index/command/VpsTest.php, specifically...
WWBN AVideo operating system command injection vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an operating system command injection vulnerability. This vulnerability stemmed from incomplete repairs in the test.php file, which did not clean up the...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]
Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerability has been addressed. Please read the details for...
GHSA-45H5-66JX-R2WF MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827
MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...
SUSE SLED15 / SLES15 Security Update : python-future (SUSE-SU-2025:03049-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03049-1 advisory. - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124 Tenable has...
CVE-2025-67898
MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...
CVE-2025-14673 gmg137 snap7-rs client.rs as_ct_write heap-based overflow
A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7rs::client::S7Client::asctwrite of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to t...
EUVD-2019-2177
Malware in sbrugna...
EUVD-2006-6389
Malware in sbrugna...
EUVD-2019-5246
Malware in sbrugna...
EUVD-2025-24871
Malicious code in bioql PyPI...
jqlang jq JSON jq_test.c run_jq_tests assertion
...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-future (SUSE-SU-2025:03038-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03038-1 advisory. - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...
SUSE-SU-2025:03038-1 Security update for python-future
This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...
Linux Distros Unpatched Vulnerability : CVE-2025-50817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is...
SUSE-SU-2025:03029-1 Security update for python-future
This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...
SUSE-SU-2025:03028-1 Security update for python-future
This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py bsc1248124...