EUVD-2026-15754
Requests has Insecure Temp File Reuse in its extractzippedpaths utility function...
CVE-2025-15583 detronetdip E-commerce function.php get_safe_value cross site scripting
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...
CVE-2025-15583
CVE-2025-15583 affects detronetdip E-commerce 1.0.0, specifically the get_safe_value function in util/function.php. The vulnerability induces cross-site scripting and can be triggered remotely; public exploit appears to be available. The description provides no details on a fix or mitigations, an...
E-commerce security vulnerability
E-commerce is a dynamic e-commerce website developed by Bhabishya Ghimire as an individual developer. Version 1.0.0 of E-commerce has a security vulnerability, which stems from improper handling of the get_safe_value function in the utility/function.php file. This vulnerability may lead to cross-si...
EUVD-2025-8484
Malicious code in bioql PyPI...
Verifying Differentially Private Median Estimation
Differential Privacy (DP) is a robust privacy guarantee that is widely employed in private data analysis today, finding broad application in domains such as statistical query release and machine learning. However, DP achieves privacy by introducing noise into data or query answers, which malicious...
CVE-2025-21877
In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind. Syzbot reports [1] a warning in usb_submit_urb triggered by inconsistencies between expected and actually present endpoints in the gl620a driver. Since genelink_bind does not properly...
GHSA-R6CH-MQF9-QC9W Regular Expression Denial of Service in Headers
Impact: The Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize utility function...
CVE-2023-24807
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...
Unsafe downcast
Lines of code. Vulnerability details. Impact: It's possible to generate silent overflows when downcasting, e.g. if the value is bigger than the type being cast to, it will overflow starting from zero. Proof of concept: For the Price.sol constructor, if observationFrequency is a small value and...
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
Overview: casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC (js): var payload = JSON.parse('{"__proto__": {"a": "pwned"}}'); mergeObjects({}, payload); console.log({}.a); //...
CVE-2020-7679
CasperJS is affected by a Prototype Pollution vulnerability in the mergeObjects utility function across all versions. The issue allows an attacker to inject properties into Object.prototype (via __proto__ or similar paths), potentially polluting prototypes and enabling unintended behavior. Documented...
Prototype Pollution
deap is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...
Prototype Pollution
deep-extend is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...
Prototype Pollution
merge-recursive is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...
Prototype Pollution
merge-options is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...
Prototype Pollution
merge-objects is vulnerable to prototype pollution attacks. The vulnerability exists as the utility function allows modifying the prototype of Object...
django -- multiple vulnerabilities
The Django Project reports: Host header poisoning Several earlier Django security releases focused on the issue of poisoning the HTTP Host header, causing Django to generate URLs pointing to arbitrary, potentially-malicious domains. In response to further input received and reports of continuing...