22 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-11131

Malicious code in bioql PyPI...

CVSS 7.1, AI score 7.7, EPSS 0.00189
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-49556

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.0016
Exploits 0, References 2

CNNVD
added 2025/02/27 12:0 a.m., 1 view

YuPao DirectHire security vulnerability

YuPao DirectHire is a recruiting software from the Chinese company YuPao 鱼泡. A security vulnerability exists in YuPao DirectHire version 8.8.0, which originates from a specially crafted link that can access sensitive user information...

CVSS 5.5, AI score 6.6, EPSS 0.00089
Exploits 0, References 2

OSV
added 2025/02/05 10:15 a.m., 4 views

AZL-56478 CVE-2025-0167 affecting package curl for versions less than 8.8.0-6

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

CVSS 3.4, AI score 6.6, EPSS 0.00331
Exploits 1, References 1

CBLMariner
added 2024/11/01 4:41 p.m., 11 views

CVE-2024-8096 affecting package curl for versions less than 8.8.0-3

CVE-2024-8096 affecting package curl for versions less than 8.8.0-3. A patched version of the package is available...

CVSS 6.5, AI score 6.7, EPSS 0.00559
Exploits 1

CNNVD
added 2024/09/27 12:0 a.m., 1 view

ModStartCMS security vulnerability

ModStartCMS is a Laravel-based modular extremely fast development framework from ModStart. A security vulnerability exists in ModStartCMS version v8.8.0, which stems from an open redirection issue in the redirection parameter of /admin/login, which allows an attacker to redirect users to arbitrar...

CVSS 7.2, AI score 6.8, EPSS 0.00121
Exploits 1, References 2

CBLMariner
added 2024/08/05 3:22 a.m., 19 views

CVE-2024-2398 affecting package curl for versions less than 8.8.0-1

CVE-2024-2398 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.6, AI score 8.8, EPSS 0.02015
Exploits 1

CBLMariner
added 2024/08/05 3:22 a.m., 15 views

CVE-2024-2004 affecting package curl for versions less than 8.8.0-1

CVE-2024-2004 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...

CVSS 3.5, AI score 4.1, EPSS 0.0091
Exploits 1

Atlassian
added 2023/10/06 5:45 p.m., 54 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 7.9, EPSS 0.00317
Exploits 2

Prion
added 2023/05/03 10:15 p.m., 21 views

Design/Logic Flaw

An insufficiently protected credentials vulnerability CWE-522 in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords...

CVSS 1.4, AI score 4.6, EPSS 0.00049
Exploits 0, References 1, Affected Software 2

OSV
added 2023/03/15 7:15 p.m., 2 views

CVE-2022-46774

IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953...

CVSS 6.5, AI score 5.8, EPSS 0.0016
Exploits 0, References 2

Prion
added 2023/02/16 7:15 p.m., 33 views

XXE

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

CVSS 7.5, AI score 9.6, EPSS 0.93777
Exploits 7, References 1, Affected Software 1

Prion
added 2020/07/13 1:15 a.m., 21 views

Design/Logic Flaw

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0...

CVSS 5, AI score 7.3, EPSS 0.00292
Exploits 0, References 1, Affected Software 2

Prion
added 2020/07/03 1:15 a.m., 13 views

Denial of service

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0...

CVSS 4, AI score 6.4, EPSS 0.00419
Exploits 0, References 1, Affected Software 2

Cvelist
added 2020/07/03 1:5 a.m., 13 views

CVE-2019-20418

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0...

AI score 6.5, EPSS 0.00419
Exploits 0, References 1

Atlassian
added 2020/04/22 1:53 a.m., 46 views

Make use of Secure Introspector in Velocity Templates - CVE-2019-20409

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote...

CVSS 9.8, AI score 4.4, EPSS 0.02736
Exploits 0

Atlassian
added 2020/04/22 1:53 a.m., 1255 views

Make use of Secure Introspector in Velocity Templates - CVE-2019-20409

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote...

CVSS 9.8, AI score 4.4, EPSS 0.04634
Exploits 0, Affected Software 1

Atlassian
added 2020/04/22 1:50 a.m., 33 views

Application DoS via the /rendering/wiki endpoint - CVE-2019-20418

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. Affected versions version 8.8.0 Fixed versions 8.8.0...

CVSS 6.5, AI score 6.9, EPSS 0.00419
Exploits 0

Atlassian
added 2020/04/22 1:47 a.m., 28 views

Information disclosure in System Administration - Global Permissions - CVE-2019-20898

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. Affected versions: version = 8.5.12: Enable feature...

CVSS 7.5, AI score 4.8, EPSS 0.00292
Exploits 0

Positive Technologies
added 2018/08/16 12:0 a.m., 2 views

PT-2018-11822 · Naver · Line

Name of the Vulnerable Software and Affected Versions: LINE jp.naver.line application version 8.8.0 for iOS Description: An issue in the LINE application allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. The vendor notes that th...

CVSS 7, AI score 7.2, EPSS 0.00061
Exploits 1, References 3