
10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23887

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.00498 EPSS
Exploits 2 · References 2
RedhatCVE
added 2025/08/08 12:29 a.m. · 10 views

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile' function call in '/api_vedo/video/preview'...

6.5 CVSS · 6.1 AI score · 0.00498 EPSS
Exploits 2 · References 1
RedhatCVE
added 2025/08/08 12:29 a.m. · 8 views

CVE-2025-51052

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents' function call in '/api_vedo/template'...

6.5 CVSS · 6.2 AI score · 0.00438 EPSS
Exploits 2 · References 1
NVD
added 2025/08/06 9:15 p.m. · 3 views

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile' function call in '/api_vedo/video/preview'...

6.5 CVSS · 0.00498 EPSS
Exploits 2 · References 2
CVE
added 2025/08/06 12:0 a.m. · 20 views

CVE-2025-51052

CVE-2025-51052 describes a path traversal vulnerability in Vedo Suite 2024.17 where an unsanitized file_get_contents() call in /api_vedo/template allows remote authenticated users to read arbitrary filesystem files. Technical details across connected sources confirm the root cause is improper san...

6.5 CVSS · 6.3 AI score · 0.00438 EPSS
Exploits 2 · References 2 · Affected Software 1
Vulnrichment
added 2025/08/06 12:0 a.m. · 10 views

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile' function call in '/api_vedo/video/preview'...

6.2 AI score · 0.00498 EPSS
Exploits 2 · References 2
Positive Technologies
added 2024/11/13 12:0 a.m. · 5 views

PT-2024-18954 · Unknown · Dom-Iterator

Name of the Vulnerable Software and Affected Versions: dom-iterator versions prior to 1.0.1
Description: The issue is related to Arbitrary Code Execution due to the use of the Function constructor without complete input sanitization. This allows an attacker to generate a new function body, posing...

9.8 CVSS · 7.6 AI score · 0.01052 EPSS
Exploits 1 · References 12
OSV
added 2020/09/02 6:24 p.m. · 1 views

GHSA-3QH4-R86R-GRVM Arbitrary JavaScript Execution in typed-function

Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code.
Recommendation: Upgrade to version 0.10.6 or later...

8.8 CVSS · 6.1 AI score · 0.01884 EPSS
Exploits 0 · References 6
OSV
added 2020/02/14 11:9 p.m. · 3 views

GHSA-934X-72XH-5HRG OS command injection in aws-lambda

In aws-lambda versions prior to version 1.0.5, the "config.FunctionName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...

9.8 CVSS · 7.3 AI score · 0.01644 EPSS
Exploits 0 · References 3
0day.today
added 2017/10/28 12:0 a.m. · 37 views

Oracle FCDB <= 10.5 Cross Site Scripting Vulnerability

Exploit for multiple platform in category remote exploits
Title: Cross Site Scripting - Oracle Flex cube Direct Banking Application 10.5
Application: Oracle FCDB
Versions Affected: Oracle Flex cube Direct Banking Software 10.5
Note: The payload will bypass the most of the WAFs running behind the...

7.1 AI score
Exploits 0