18 matches found
Docudepot PDF Reader security vulnerability
Docudepot PDF Reader is a reading tool developed by Docudepot that supports the viewing and management of PDF documents. Version 1.0.34 of Docudepot PDF Reader contains a security vulnerability. This vulnerability stems from the possibility of arbitrary file overwriting, which could allow attacke...
EUVD-2022-0572
Malicious code in bioql PyPI...
EUVD-2025-25479
Malicious code in bioql PyPI...
CVE-2025-57755
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
CVE-2025-57755
CVE-2025-57755 concerns claude-code-router, where improper CORS configuration risks exposing user API keys or credentials to untrusted domains. The vulnerability affects the router’s cross-origin handling and could enable credential leakage, credential abuse, quota exhaustion, or access to sensit...
CVE-2025-57755 claude-code-router CORS misconfiguration
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
CVE-2025-57755 claude-code-router CORS misconfiguration
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...
GHSA-8HMM-4CRW-VM2C @musistudio/claude-code-router has improper CORS configuration
Impact: Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data...
CVE-2023-51376
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...
WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.33 is vulnerable to Sensitive Data Exposure
Software: Table & Contact Form 7 Database – Tablesome; Type: Plugin; Vulnerable versions: <= 1.0.33; Fixed in: 1.0.34; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-37498; Patch priority: Low; CVSS severity: Low (5.3); PSID: b592d73e1659...
WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme NewsMash (versions <= 1.0.34)...
Cross site scripting
A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is...
Lexar_F35 authorization issue vulnerability
LexarF35 is a USB flash drive from Lexar Corporation. A security vulnerability exists in LexarF35 version 1.0.34, which originates from an access control issue in the authentication module. The vulnerability can be exploited by an attacker to access sensitive data and cause a denial of service Do...
CVE-2021-24311
The wpajaxupload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads by any authenticated user...
ALPINE-CVE-2018-16738
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1...
UBUNTU-CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets...
CVE-2018-16738
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1...