38 matches found
EUVD-2020-2646
Malware in sbrugna...
EUVD-2018-9537
Malware in sbrugna...
EUVD-2020-2647
Malware in sbrugna...
EUVD-2014-2926
Malware in sbrugna...
EUVD-2017-11790
Malware in sbrugna...
EUVD-2022-0279
Malicious code in bioql PyPI...
EUVD-2023-24083
Malicious code in bioql PyPI...
EUVD-2025-17669
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-10185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside...
CVE-2022-24584
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico...
CVE-2025-1975
A flaw was discovered in Ollama. This flaw allows a malicious user to cause a denial of service (DoS) attack in affected versions by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, whic...
Server-side Request Forgery
github.com/bishopfox/sliver is vulnerable to Server-side Request Forgery. The vulnerability is due to improper authorization and lack of validation in the Sliver teamserver's reverse port forwarding mechanism, which allows the implant to open a reverse tunnel without operator instruction...
AI ChatBot < 4.9.1 - Subscriber+ Arbitrary File Deletion
Description: The plugin does not properly validate files to be deleted in the qcldopenaideletetrainingfile function, allowing users with roles as low as subscriber to delete arbitrary files on the server...
CVE-2023-22452 Improper Input Validation in kenny2automate
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
CVE-2022-39055 Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF)
RAVA certificate validation system has inadequate filtering for the URL parameter. An unauthenticated remote attacker can perform an SSRF attack to discover internal network topology based on the query response...
CVE-2022-24584
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico...
CVE-2022-24584
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico...
PT-2022-16736 · Yubico · Yubikey
Name of the Vulnerable Software and Affected Versions: YubiKey (affected versions not specified). Description: The issue concerns incorrect access control in the Yubico OTP functionality of the YubiKey hardware tokens and the Yubico OTP validation server. The Yubico OTP is supposed to create...
CVE-2021-24208 WP Page Builder < 1.2.4 - Multiple Stored Cross-Site Scripting (XSS)
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets, though the custom HTML widget requires sending a crafted request - it appears that this...
Server-Side Request Forgery (SSRF)
node-pdf-generator is vulnerable to server-side request forgery (SSRF). Lack of input validation allows an attacker to submit requests on behalf of the server...