46 matches found
Exploit for CVE-2025-5880
CVE-2025-5880 — Whistle 2.9.98 Path Traversal PoC !Python...
EUVD-2014-5797
Malware in sbrugna...
EUVD-2025-17473
Malicious code in bioql PyPI...
EUVD-2024-3470
Malicious code in bioql PyPI...
MAL-2025-44549 Malicious code in heart-replace-whistle (npm)
The package heart-replace-whistle was found to contain malicious code...
Malicious code in heart-replace-whistle (npm)
The package heart-replace-whistle was found to contain malicious code...
CVE-2025-5880
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...
CVE-2025-5880
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...
CVE-2025-5880 Whistle get-temp-file path traversal
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...
CVE-2025-5880 Whistle get-temp-file path traversal
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...
CVE-2025-5880
CVE-2025-5880 affects Whistle 2.9.98. A path traversal flaw is triggered by manipulating the filename argument in /cgi-bin/sessions/get-temp-file. Exploit publicly disclosed; vendor unresponsive per sources. Practical mitigation from PT-2025-24440 suggests restricting access to the endpoint and a...
whistle 路径遍历漏洞
whistle is a Node-based implementation of a cross-platform packet-catching debugging tool by avenwu's individual developers. A path traversal vulnerability exists in whistle version 2.9.98 due to a path traversal error in the parameter filename in the file /cgi-bin/sessions/get-temp-file...
PT-2025-24440
Name of the Vulnerable Software and Affected Versions Whistle version 2.9.98 Description A vulnerability has been found in the file /cgi-bin/sessions/get-temp-file, where the manipulation of the filename argument leads to path traversal. The exploit has been disclosed to the public and may be use...
CVE-2024-55500
Cross-Site Request Forgery CSRF in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine...
Cross-Site Request Forgery (CSRF)
Avenwu Whistle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of API requests, allowing attackers to perform malicious API calls that result in arbitrary code execution on the victim's machine...
0.extends.whistle (=1.0.65), @alola-react/plugin-proxy (=0.0.1) +24 more potentially affected by CVE-2024-55500 via whistle (>=0.1.0-beta <=2.9.85-beta)
whistle NPM version =0.1.0-beta, =0.1.21-alpha, =0.0.1, =0.0.0-alpha.202201181327, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =0.1.0, =1.2.0 and more Source cves: CVE-2024-55500 Source advisory: OSV:GHSA-GG6X-448Q-PQQM...
GHSA-GG6X-448Q-PQQM Avenwu Whistle Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine...
Avenwu Whistle Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine...
CVE-2024-55500
Cross-Site Request Forgery CSRF in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine...
CVE-2024-55500
Cross-Site Request Forgery CSRF in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine...