Lucene search
K

531 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.25 views

EUVD-2025-21758

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00847EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2860

Malicious code in bioql PyPI...

7.5CVSS7.9AI score0.00824EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1440

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00551EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-32797

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.02192EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-43127

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00431EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-0964

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0136EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30380

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00839EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7628

Malicious code in bioql PyPI...

9.1CVSS6.5AI score0.05796EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.5 views

PT-2025-39430

Name of the Vulnerable Software and Affected Versions vulnerability-lookup version 2.16.0 Description A cross-site scripting XSS issue exists in the handling of user-supplied input within the Bundles, Comments, and Sightings components of the software. Untrusted data was not properly sanitized...

6.4CVSS5.8AI score0.00185EPSS
Exploits0References5
CVE
CVE
added 2025/09/25 12:0 a.m.14 views

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

6.4CVSS5AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/25 12:0 a.m.9 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

6.4CVSS0.00185EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/22 6:30 p.m.8 views

H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS7.3AI score0.00839EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2025/09/22 6:30 p.m.2 views

GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS6.1AI score0.00839EPSS
Exploits1References4
OSV
OSV
added 2025/09/21 9:15 a.m.4 views

CVE-2025-6544

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS9.4AI score
Exploits0References2
Cvelist
Cvelist
added 2025/09/21 9:0 a.m.9 views

CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS0.00839EPSS
Exploits1References2
OSV
OSV
added 2025/09/03 5:42 p.m.6 views

GHSA-QWW7-89XH-X7M7 XWiki configuration files can be accessed through the webjars API

Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/xwiki/webjars/wiki%3Axwiki/..%2F..%2F..%2F..%2F..%2FWEB-INF%2Fxwiki.cfg. The trick here is to encode the / which is decoded when parsing the URL segment, but not re-encoded when assembling...

9.3CVSS5.7AI score0.01557EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/29 12:10 a.m.8 views

CVE-2025-40927 CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...

0.00431EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-10688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when...

6.1CVSS6.6AI score0.01394EPSS
Exploits1References3
Zero Day Initiative
Zero Day Initiative
added 2025/07/31 12:0 a.m.6 views

(Pwn2Own) QNAP TS-464 Improper Handling of URL Encoding Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function responsible for URL decoding. The issue results from improper...

9.8CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2025/07/17 8:15 a.m.5 views

CVE-2025-4302

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...

5.3CVSS5.8AI score0.00847EPSS
Exploits1References1
Rows per page
Query Builder