31 matches found
EUVD-2022-38394
Malicious code in bioql PyPI...
CVE-2024-48093
Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types...
CVE-2024-48093
CVE-2024-48093 affects Operately v0.1.0. The vulnerability is an unrestricted file upload in the Discussions tab that allows a privileged user to achieve Remote Code Execution by uploading and executing malicious files without validating file extensions or content types. Public sources in the con...
CVE-2024-38521
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...
CVE-2024-39129
Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf at /src/PayloadBuf.cpp...
CVE-2024-39132
CVE-2024-39132 affects DumpTS v0.1.0-nightly. The vulnerability is a NULL pointer dereference in the function VerifyCommandLine() located in /src/DumpTS.cpp, leading to a denial of service. CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating network access is possible with low complexity a...
CVE-2023-34840
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2020-22429
redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr function at /src/header/netdb/mod.rs...
Design/Logic Flaw
redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr function at /src/header/netdb/mod.rs...
PYSEC-2022-43049
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...
Code injection
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
PT-2022-37384 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0. Description: The issue concerns a potential code-execution backdoor inserted by a third party into the d8s-math package for Python, distributed on PyPI. The backdoor is identified as the democritus-strings package...
CVE-2022-35506
TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters...
Stack overflow
TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters...
CVE-2022-35506
CVE-2022-35506 affects TripleCross v0.1.0. The vulnerability is a stack overflow caused by unlimited length of program parameters. Public sources (NVD/Red Hat/OSV/etc.) confirm the issue but do not provide a confirmed patch version; PT-2022-22873 notes no information about a fix. The CVSSv3.1 met...
CVE-2022-34065
The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
Improper Handling of Unexpected Data Type in ced
Impact: In ced v0.1.0, passing data types other than Buffer causes the Node.js process to crash. Patches: The problem has been patched in ced v1.0.0. You can upgrade from v0.1.0 without any breaking changes. Workarounds: Before passing an argument to ced, verify it’s a Buffer using Buffer.isBufferob...