GHSA-F8R6-6222-9PVC Apache Kyuubi Server vulnerable to Path Traversal
Any client that can reach the Apache Kyuubi Server via the Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files that are not listed in the config. This issue affects Apache Kyuubi from 1.6.0 through 1.10.2. Users are recommended to upgrade t...
CVE-2025-66518 Apache Kyuubi: Unauthorized directory access due to missing path normalization
Any client that can reach the Apache Kyuubi Server via the Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files that are not listed in the config. This issue affects Apache Kyuubi from 1.6.0 through 1.10.2. Users are recommended to upgrade t...
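The two Kyuubi entries above describe the same bug class: an allow list of local directories is consulted before a client-supplied path is used, but the path is not normalized first, so a value that merely starts with an allowed prefix can still escape it. The following Python is an added illustration of that check, written for this page; it is not Kyuubi's code, does not use Kyuubi's configuration format, and the directory names and sample paths are constructed for the example.

```python
import posixpath

# Constructed example allow list: directories from which session-local files
# may be read. Illustrative only, not Kyuubi's configuration format.
ALLOW_LIST = ("/data/kyuubi/uploads", "/tmp/kyuubi-scratch")


def is_allowed_unnormalized(path, allow_list=ALLOW_LIST):
    """Naive check: plain string-prefix match on the path exactly as the client
    sent it. '..' segments are never collapsed, so a path that merely starts
    with an allowed directory can still point outside it."""
    return any(path.startswith(prefix) for prefix in allow_list)


def is_allowed_normalized(path, allow_list=ALLOW_LIST):
    """Hardened check: collapse '.', '..' and repeated separators first, require
    an absolute result, then compare per directory component so that a sibling
    such as '/data/kyuubi/uploads2' is not accepted as a prefix match."""
    norm = posixpath.normpath(path)
    # posixpath.normpath preserves a leading '//' (implementation-defined in
    # POSIX); reject it rather than reason about it.
    if not posixpath.isabs(norm) or norm.startswith("//"):
        return False
    for prefix in allow_list:
        base = posixpath.normpath(prefix)
        if norm == base or norm.startswith(base + "/"):
            return True
    return False


# Constructed client-supplied paths, each paired with the verdict a correct
# check must give. Illustrative inputs, not a recorded exploit.
SAMPLE_PATHS = [
    ("/data/kyuubi/uploads/report.csv", True),            # plainly inside
    ("/data/kyuubi/uploads/./2024/report.csv", True),     # harmless '.'
    ("/data/kyuubi/uploads/../../../etc/passwd", False),  # traversal out
    ("/data/kyuubi/uploads/..", False),                   # parent of the dir
    ("/data/kyuubi/uploads2/secret.txt", False),          # sibling directory
    ("/tmp/kyuubi-scratch/../../root/.ssh/id_rsa", False),
    ("data/kyuubi/uploads/relative.txt", False),          # not absolute
]


def evaluate(check, samples=SAMPLE_PATHS):
    """Run one checker over the samples; return the paths it gets wrong."""
    return [p for p, expected in samples if check(p) != expected]


if __name__ == "__main__":
    print("unnormalized check accepts wrongly:", evaluate(is_allowed_unnormalized))
    print("normalized check accepts wrongly:  ", evaluate(is_allowed_normalized))
```

The normalization here is purely lexical: it defeats `..` and `.` segments and sibling-prefix confusion, but not a symlink planted inside an allowed directory. A check that must also survive symlinks should resolve the path against the filesystem (for example with `os.path.realpath`) and compare the resolved result, and should do the comparison as close as possible to the actual file open to narrow the window for a race.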
EUVD-2022-3515
Malicious code in bioql PyPI...
EUVD-2024-0123
Malicious code in bioql PyPI...
EUVD-2022-34573
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-23203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Icinga Director is an Icinga config deployment tool. A security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several...
CVE-2025-9300
A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette in the file src/encoder.c of the component img2sixel. The manipulation leads to a stack-based buffer overflow. The attack must be launched locally. The exploit...
PT-2025-34215
Name of the Vulnerable Software and Affected Versions: libsixel versions up to 1.10.3 Description: A vulnerability exists in saitoha libsixel up to version 1.10.3. This issue affects the sixel debug print palette function within the img2sixel component, located in the src/encoder.c file...
libsixel security vulnerability
libsixel is a package from the individual developer Hayaki Saito that provides an encoding/decoding implementation for DEC SIXEL graphics and other converter programs. A security vulnerability exists in libsixel version 1.10.3 and earlier, which stems from a stack buffer overflow...
PYSEC-2025-56
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32788
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32788 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...
CVE-2025-32391
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
HedgeDoc cross-site scripting vulnerability
HedgeDoc is a JavaScript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A cross-site scripting vulnerability exists in HedgeDoc versions prior to 1.10.3, which stems from a malicious SVG file that could lead to a cross-site scripting attack...
PT-2025-15983 · Github +1 · Github Gist +1
Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.10.3 Description: The issue arises when a malicious SVG file is uploaded to HedgeDoc, potentially leading to cross-site scripting (XSS) when the file is opened in a new tab. This is possible due to the exploitation ...
CVE-2025-23203
Icinga Director is an Icinga config deployment tool. A security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several Director REST API endpoints. To reproduce this vulnerability an authenticated user with permission to access the Director is required...
WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Savphill (Patchstack Alliance) in the WordPress plugin Flexible PDF Coupons, versions < 1.10.3...
WordPress Financial Stocks & Crypto Market Data Plugin plugin <= 1.10.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in the WordPress plugin Financial Stocks & Crypto Market Data Plugin, versions <= 1.10.3...
PT-2025-1680 · WordPress · Financial Stocks & Crypto Market Data Plugin
Name of the Vulnerable Software and Affected Versions: Financial Stocks & Crypto Market Data Plugin versions up to, and including, 1.10.3 Description: The issue is related to Reflected Cross-Site Scripting via the e parameter due to insufficient input sanitization and output escaping. This allows...