CVE-2025-41079

CVE-2025-41079 affects Seafile v12.0.10 and is a stored XSS vulnerability triggered by storing malicious payloads via the PUT /api/v2.1/user/ endpoint using the name parameter. The issue enables browser-side code execution when a victim loads affected content. Public details consistently referenc...

Magewell Ultra Encode 安全漏洞

Magewell Ultra Encode is a video encoder from the Chinese company Magewell. A security vulnerability exists in Magewell Ultra Encode version 1.2.213, which originates from a cross-site request forgery in the /mwapi?method=add-user component...

CVE-2025-11862

CVE-2025-11862 : Verve Asset Manager has an access-control vulnerability enabling unauthorized read-only users to read, update, and delete users via the API. Affects the Verve Asset Manager API endpoints (and is described as a user data manipulation issue with API exposure). The CVSS 4.0 base sco...

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297

CVE-2025-12297 affects atjiu pybbs up to v6.0.0, involving an unknown function in UserApiController.java. The manipulation causes information disclosure and can be exploited remotely; the exploit is publicly available (PoC in some sources). Multiple connected sources corroborate the surface and i...

pybbs 访问控制错误漏洞

pybbs is a community platform for Java development by iuiu individual developers. An access control error vulnerability exists in pybbs version 6.0.0 and earlier, which stems from the misuse of an unknown function in the file UserApiController.java, which could lead to information disclosure...

EUVD-2019-2063

Malware in sbrugna...

EUVD-2017-9492

Malware in sbrugna...

EUVD-2022-53216

Malicious code in bioql PyPI...

CVE-2022-50453

CVE-2022-50453 affects the Linux kernel (gpiolib: cdev). The vulnerability arises from NULL-pointer dereferences when userspace can trigger GPIO syscalls on a hot-unplugged GPIO device, allowing races where a device is removed after a NULL check. The fix partially mitigates by verifying gdev->...

CVE-2025-36897

In unknown of cdCnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-3039

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml1,concat0x3f,md5123456,0x3f,1=1 leads to sql injection. It is...

CVE-2025-3446

Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...

kernel: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap

In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpfredirect flags don't overlap The bpfredirectinfo is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri-flags field specifically,...

Linux Distros Unpatched Vulnerability : CVE-2018-19854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 4.19.3. cryptoreportone and related functions in crypto/cryptouser.c the crypto user configuration API do not...

CVE-2020-26261

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users...