EUVD-2025-22977

Malicious code in bioql PyPI...

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

GHSA-W832-W3P8-CW29 z-push/z-push-dev SQL Injection Vulnerability

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVE-2025-8264

CVE-2025-8264 affects z-push/z-push-dev prior to version 2.7.6 due to unparameterized queries in the IMAP backend, enabling SQL Injection via the username field in basic authentication. Impact stated as attacker could access and potentially modify or delete data in a linked third-party database. ...

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

PT-2025-31175 · Z-Push +1 · Z-Push +1

Name of the Vulnerable Software and Affected Versions: z-push/z-push-dev versions prior to 2.7.6 Description: The software is vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic...