GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

EUVD-2022-34043

Malicious code in bioql PyPI...

EUVD-2022-36152

Malicious code in bioql PyPI...

EUVD-2022-53371

Malicious code in bioql PyPI...

EUVD-2022-53369

Malicious code in bioql PyPI...

CVE-2025-46080

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...

CVE-2023-33797

A stored cross-site scripting XSS vulnerability in the Create Sites /dcim/sites/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2023-33785

A stored cross-site scripting XSS vulnerability in the Create Rack Roles /dcim/rack-roles/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2023-33788

A stored cross-site scripting XSS vulnerability in the Create Providers /circuits/providers/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2023-33800

A stored cross-site scripting XSS vulnerability in the Create Regions /dcim/regions/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2022-32124

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component /index/jobfairol/show/...

CVE-2024-54792

A Cross-Site Request Forgery CSRF vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editing or deleting users...

CVE-2024-54792

CVE-2024-54792 : SpagoBI 3.5.1 is affected by a CSRF vulnerability in the user administration panel. An authenticated attacker can induce a logged-in admin to perform unwanted actions (e.g., add/edit/delete users) on behalf of the victim via crafted requests. The issue is demonstrated in multiple...

CVE-2023-38992

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

CVE-2023-38992

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

Sql injection

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

CVE-2023-38992

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

CVE-2023-38992

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

CVE-2023-38992

Jeecg-Boot v3.5.1 is affected by a SQL injection vulnerability exposed via the title parameter in the /sys/dict/loadTreeData API. Root cause: insufficient input handling leading to SQL injection (CWE-89). Impact: high-severity access to sensitive data; CVSS v3.1 base score 9.8. Mitigation: apply ...

JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode in method org.jeecg.modules.api.controller.SystemApiController...