EUVD-2021-0971
Malware in sbrugna...
EUVD-2025-19409
Malicious code in bioql PyPI...
EUVD-2022-1277
Malicious code in bioql PyPI...
EUVD-2024-0332
Malicious code in bioql PyPI...
EUVD-2022-6486
Malicious code in bioql PyPI...
CVE-2025-53840 Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...
PT-2025-28088 · Belkin · Belkin F9K1122
Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue affects the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey in the component webs. The manipulation of the argument submit-url-ok leads to a stack-based buffer...
PT-2025-26760 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions 25.1.0 through 25.5.1 Description: The issue allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding a comment, without being a member of the project's team. This...
PT-2025-26653
Name of the Vulnerable Software and Affected Versions: 70mai M300 up to 20250611 Description: A vulnerability was found in the Telnet Service component, affecting an unknown part of the file demo.sh. The manipulation leads to denial of service. Access to the local network is required for this...
PT-2025-24384 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 multi Description: A critical issue affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg in the HTTP POST Request Handler component. The manipulation of the remoteIp argument leads to a...
PT-2025-24320 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file /boafrm/formPortFw. The manipulation of the service type argument leads to a buffer...
PT-2025-23410 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: JeeWMS up to 20250504 Description: A critical issue affects the transEditor function of the file "/cgformTransController.do?transEditor". This issue leads to SQL injection and can be initiated remotely. Recommendations: For JeeWMS up to...
CVE-2022-24719
Fluture-Node is an FP-style HTTP and streaming utils for Node based on Fluture. Using followRedirects or followRedirectsWith with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie,...
PT-2025-15239 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RUoYi version 4.8.0 Description: An issue in RUoYi allows a remote attacker to escalate privileges via the menuId parameter. Recommendations: For RUoYi version 4.8.0, as a temporary workaround, consider restricting access to the vulnerable...
PT-2025-14802 · Totolink · Totolink X18
Name of the Vulnerable Software and Affected Versions: TOTOLINK x18 version 9.1.0cu.2024 B20220329 Description: The issue allows a remote attacker to execute arbitrary code via the sub 410E54 function of the cstecgi.cgi. Recommendations: For TOTOLINK x18 version 9.1.0cu.2024 B20220329, as a...
PT-2024-17152 · WordPress · Wp-Svg
Name of the Vulnerable Software and Affected Versions: WP-SVG WordPress plugin versions 0.9 and prior Description: The issue concerns the WP-SVG WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is...
GHSA-5462-4VCX-JH7J Angular Expressions - Remote Code Execution when using locals
Impact: An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require("angular-expressions"); const result = expressions.compile("__proto__.constructor")({}, {}); // result should be undefined, however fo...
PT-2024-17009 · WordPress · Faq Builder Ays Plugin
Name of the Vulnerable Software and Affected Versions: FAQ Builder AYS plugin for WordPress versions up to and including 1.7.1 Description: The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ays faq tab parameter due to insufficient input sanitization...
PT-2024-33103 · Assimp +2 · Assimp +2
Name of the Vulnerable Software and Affected Versions: assimp version 5.4.3 Description: An issue in the Assimp library allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function. This enables the attacker to potentially gain control over the system. Recommendation...
CVE-2024-42472 Flatpak may allow access to files outside sandbox for certain apps
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...