531 matches found
EUVD-2025-21758
Malicious code in bioql PyPI...
EUVD-2024-2860
Malicious code in bioql PyPI...
EUVD-2024-1440
Malicious code in bioql PyPI...
EUVD-2022-32797
Malicious code in bioql PyPI...
EUVD-2024-43127
Malicious code in bioql PyPI...
EUVD-2022-0964
Malicious code in bioql PyPI...
EUVD-2025-30380
Malicious code in bioql PyPI...
EUVD-2022-7628
Malicious code in bioql PyPI...
PT-2025-39430
Name of the Vulnerable Software and Affected Versions vulnerability-lookup version 2.16.0 Description A cross-site scripting XSS issue exists in the handling of user-supplied input within the Bundles, Comments, and Sightings components of the software. Untrusted data was not properly sanitized...
CVE-2025-60249
CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...
CVE-2025-60249
vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...
H2O affected by a deserialization vulnerability
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
CVE-2025-6544
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
GHSA-QWW7-89XH-X7M7 XWiki configuration files can be accessed through the webjars API
Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/xwiki/webjars/wiki%3Axwiki/..%2F..%2F..%2F..%2F..%2FWEB-INF%2Fxwiki.cfg. The trick here is to encode the / which is decoded when parsing the URL segment, but not re-encoded when assembling...
CVE-2025-40927 CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...
Linux Distros Unpatched Vulnerability : CVE-2020-10688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when...
(Pwn2Own) QNAP TS-464 Improper Handling of URL Encoding Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function responsible for URL decoding. The issue results from improper...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...