Lucene search

184 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-6051

Malware in sbrugna...

CVSS 6.1 | AI score 6.4 | EPSS 0.01103
Exploits: 0 | References: 11
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-4340

Malware in sbrugna...

CVSS 7.5 | AI score 7.3 | EPSS 0.04345
Exploits: 1 | References: 27
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-3090

Malicious code in bioql PyPI...

CVSS 5.2 | AI score 6.6 | EPSS 0.00235
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-23425

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.0109
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-33106

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 5.9 | EPSS 0.01372
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 19 views

EUVD-2022-53462

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.01158
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-4807

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.02889
Exploits: 0 | References: 8
Tenable Nessus
added 2025/09/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-36032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to...

CVSS 5.3 | AI score 6 | EPSS 0.00741
Exploits: 0 | References: 2
RedhatCVE
added 2025/08/30 6:21 p.m. | 2 views

CVE-2025-50900

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle. In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path, and then determine whether...

CVSS 9.8 | AI score 7.4 | EPSS 0.00648
Exploits: 1 | References: 1
OSV
added 2025/08/25 6:20 a.m. | 2 views

SUSE-SU-2025:02968-1 Security update for libqt4

This update for libqt4 fixes the following issues: - CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654) - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298) - CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file...

CVSS 8.4 | AI score 7.8 | EPSS 0.01343
Exploits: 2 | References: 20
CVE
added 2025/08/25 12:0 a.m. | 13 views

CVE-2025-50900

CVE-2025-50900 affects getrebuild/rebuild 4.0.4. The issue resides in com.rebuild.web.RebuildWebInterceptor.preHandle, where the filter decodes the request URI and checks if the path ends with /error. If it does not, the code redirects to /user/login, potentially allowing an unauthenticated attac...

CVSS 9.8 | AI score 7.5 | EPSS 0.00648
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/07/25 12:0 a.m. | 3 views

NewStart CGSL MAIN 7.02 : librsvg2 Vulnerability (NS-SA-2025-0127)

The remote NewStart CGSL host, running version MAIN 7.02, has librsvg2 packages installed that are affected by a vulnerability: - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside ...

CVSS 5.5 | AI score 6.3 | EPSS 0.02132
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/23 2:58 a.m. | 4 views

CVE-2023-1142

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation...

CVSS 9.8 | AI score 7.1 | EPSS 0.0109
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:56 p.m. | 16 views

CVE-2022-32265

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...

CVSS 5.3 | AI score 7 | EPSS 0.01158
Exploits: 0 | References: 1
Vulnrichment
added 2025/01/17 8:13 p.m. | 6 views

CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVSS 5.2 | AI score 5.3 | EPSS 0.00235
Exploits: 0 | References: 1
CNNVD
added 2025/01/17 12:0 a.m. | 2 views

caido cross-site scripting vulnerability

caido is an open source application from Caido, designed to help security professionals and enthusiasts audit Web applications efficiently and easily. A cross-site scripting vulnerability exists in Caido version v0.45.0 that stems from improper cleanup in the URL decoding tooltip of the HTTP...

CVSS 5.2 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 2
OSV
added 2025/01/14 7:22 p.m. | 17 views

BIT-PHP-MIN-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 | AI score 6.9 | EPSS 0.25951
Exploits: 1 | References: 6
Tenable Nessus
added 2024/05/11 12:0 a.m. | 24 views

RHEL 6 : puppet (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - puppet: incorrect URL decoding (CVE-2016-2785) - Versions of Puppet prior to 4.10.1 will deserialize data o...

AI score 8.8 | EPSS 0.02889
Exploits: 0 | References: 2
OSV
added 2024/03/06 11:4 a.m. | 44 views

BIT-PHP-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 | AI score 6.9 | EPSS 0.25951
Exploits: 1 | References: 6
Prion
added 2024/01/16 4:15 p.m. | 11 views

Cross site scripting

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability...

CVSS 5.8 | AI score 6 | EPSS 0.00516
Exploits: 2 | References: 1 | Affected Software: 1