28 matches found

Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7488

Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not...

5.4 CVSS, 5.5 AI score, 0.00053 EPSS
Exploits: 0, References: 2
OSV
added 2025/10/30 12:15 a.m., 0 views

CVE-2025-10929

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 1
Vulnrichment
added 2025/10/29 11:14 p.m., 1 views

CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

6.5 AI score, 0.00104 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/29 11:14 p.m., 4 views

CVE-2025-10929

CVE-2025-10929 affects the Drupal Reverse Proxy Header module prior to version 1.1.2. The publicly documented issue is an improper validation of consistency within input, which can allow manipulation of user-controlled variables. The problem is tied to the Reverse Proxy Header behavior and indica...

5.3 CVSS, 6.5 AI score, 0.00104 EPSS
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-51025

Malicious code in bioql PyPI...

8.5 CVSS, 6.6 AI score, 0.00099 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-49620

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00059 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-22758

Malicious code in bioql PyPI...

8.8 CVSS, 6.3 AI score, 0.00671 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-0190

Malicious code in bioql PyPI...

6.1 CVSS, 6.2 AI score, 0.00468 EPSS
Exploits: 1, References: 11
NVD
added 2025/07/25 10:15 p.m., 3 views

CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in Linkify linkifyjs allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4.3.2...

8.8 CVSS, 0.00671 EPSS
Exploits: 0, References: 4
OSV
added 2025/06/09 12:47 p.m., 1 views

CVE-2025-49013 WilderForge vulnerable to code Injection via GitHub Actions Workflows

WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of ${{ github.event.review.body }} and other user controlled variables directly inside shell script contexts in GitHub...

9.9 CVSS, 8.3 AI score
Exploits: 0, References: 5
CNNVD
added 2025/06/09 12:0 a.m., 1 views

WilderForge security vulnerability

WilderForge is a Wildermyth core module API open-sourced by WilderForge. A security vulnerability exists in WilderForge that stems from the improper use of user-controlled variables in GitHub Actions, which could lead to arbitrary command execution...

9.9 CVSS, 7 AI score, 0.01529 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/05/23 7:32 a.m., 5 views

CVE-2024-22417

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

6.1 CVSS, 6 AI score, 0.00468 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 7:17 a.m., 2 views

CVE-2024-8475

Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5...

6.5 CVSS, 5.8 AI score, 0.00059 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:21 p.m., 4 views

CVE-2021-41569

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5 CVSS, 6.8 AI score, 0.7377 EPSS
Exploits: 1
RedhatCVE
added 2025/02/16 2:18 p.m., 4 views

CVE-2024-12651

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...

8.5 CVSS, 5.8 AI score, 0.00099 EPSS
Exploits: 0, References: 1
NVD
added 2025/02/14 2:15 p.m., 10 views

CVE-2024-12651

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...

8.5 CVSS, 0.00099 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/02/14 1:24 p.m., 8 views

CVE-2024-12651 Sensitive Data Exposure in PTT Inc.'s HGS Mobile App

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...

8.5 CVSS, 7.2 AI score, 0.00099 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/02/14 1:24 p.m., 7 views

CVE-2024-12651 Sensitive Data Exposure in PTT Inc.'s HGS Mobile App

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...

8.5 CVSS, 0.00099 EPSS
Exploits: 0, References: 2
CVE
added 2025/02/14 1:24 p.m., 41 views

CVE-2024-12651

CVE-2024-12651 affects the PTT HGS Mobile App prior to version 6.5.0. The issue is an Exposed Dangerous Method or Function vulnerability that allows manipulating user-controlled variables. The NVD/NIST record lists a CVSS v3.1 base score of 8.5 (HIGH) with Network attack vector, Low privileges re...

8.5 CVSS, 5.8 AI score, 0.00099 EPSS
Exploits: 0, References: 2
NVD
added 2024/12/17 12:15 p.m., 9 views

CVE-2024-8475

Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5...

6.5 CVSS, 0.00059 EPSS
Exploits: 0, References: 2