44 matches found
EUVD-2025-6855
Malicious code in bioql PyPI...
Malicious code in discord-selfbot-v12 (npm)
The package discord-selfbot-v12 was found to contain malicious code...
MAL-2025-18476 Malicious code in discord-selfbot-v12 (npm)
The package discord-selfbot-v12 was found to contain malicious code...
CVE-2022-25431
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function...
CVE-2024-8581
A vulnerability in the uploadapp function of parisneo/lollms-webui V12 Strawberry allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error...
CVE-2024-10019
A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...
CVE-2024-8898 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...
PT-2025-12021 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version V12 Strawberry. Description: A vulnerability in the start app server function allows for path traversal and OS command injection. The function does not properly sanitize the app name parameter, enabling an attacke...
CVE-2021-47658
CVE-2021-47658 affects the Linux kernel DRM/AMD/PM component. The issue is a memory leak where gpu_metrics_table is allocated in renoir_init_smc_tables() but not freed in smu_v12_0_fini_smc_tables(), as described in the provided entries. Impact details are limited to a potential memory leak with ...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296).
Summary: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial...
CVE-2024-24130
Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp...
Cross site scripting
Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp...
CVE-2024-24130
Mail2World v12 Business Control Center has a reflected XSS in resellercenter/login.asp via the Usr parameter. Root cause: reflected input is echoed into the page. Impact per sources: confidentiality and integrity may be low; no availability impact reported. Exploitation details are not provided i...
Design/Logic Flaw
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
Ashlar Incorporated Ashlar-Vellum Buffer Error Vulnerability
Ashlar Incorporated Ashlar-Vellum is the development platform for Ashlar Incorporated's computer-aided design (CAD) and 3D modeling software. A security vulnerability exists in Ashlar Incorporated Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12, which stems from a lack of proper...
MAL-2023-7950 Malicious code in discord.js-v12-lukyy (npm)
Source: ghsa-malware (84f8bf74e566b2971105d1d8482b27bb35a3cd1aa60def4e10b9ae09a4397da8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-259 Malicious code in discord.js-v12-updated (npm)
Source: ghsa-malware (3de37bbf9cc617eae53807b68e85234ffba9cb109affd65d17ce5a1d922140b3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...