18 matches found
EUVD-2025-19057
Malicious code in bioql PyPI...
EUVD-2021-32802
Malicious code in bioql PyPI...
CVE-2025-59415
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...
CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...
Frappe Learning 跨站脚本漏洞
Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning version 2.34.1 and prior versions, which stems from not adequately cleaning up uploaded content in personal profiles, and could lead to ...
PT-2025-38279
Name of the Vulnerable Software and Affected Versions: Frappe Learning versions 2.34.1 and below Description: Frappe Learning does not adequately sanitize content uploaded in the profile bio. This allows for the execution of arbitrary scripts in the context of other users through malicious SVG...
CVE-2025-52997
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...
CVE-2025-52997 File Browser Insecurely Handles Passwords
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...
CVE-2025-52888
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...
Git 安全漏洞
Git is a free, open source distributed version control system. Git for windows has a security vulnerability that stems from updating local repositories using Git pull in Git for windows up to 2.34.1, which Git. CMD can run directly...
MGASA-2021-0498 Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.34.1, fixing several security issues and other bugs. See release notes for details...
PT-2021-8067 · Webkitgtk +7 · Webkitgtk +7
Name of the Vulnerable Software and Affected Versions: WebKitGTK versions prior to 2.34.1 WPE WebKit versions prior to 2.34.1 Description: The issue is related to insecure privilege management in WebKitGTK and WPE WebKit, allowing a remote attacker to impact the integrity of protected information...