166 matches found
EUVD-2008-6221
Malware in sbrugna...
EUVD-2018-13828
Malware in sbrugna...
EUVD-2025-24834
Malicious code in bioql PyPI...
EUVD-2022-46371
Malicious code in bioql PyPI...
EUVD-2024-29171
Malicious code in bioql PyPI...
CVE-2025-59562
Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.3.4...
CVE-2025-59562
Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.3.4...
CVE-2025-59562 WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4...
CVE-2025-59562 WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.3.4...
PT-2025-39040
Name of the Vulnerable Software and Affected Versions Academy LMS versions through 3.3.4 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through user-controlled keys. Recommendations Update Academy LMS to a version...
PT-2025-33287 · Espec North America · Espec North America Web Controller
Name of the Vulnerable Software and Affected Versions: ESPEC North America Web Controller versions prior to 3.3.4 Description: An invalid authentication request to /api/v4/auth/ exposes a JWT secret, potentially allowing for elevated permissions to the user interface. Recommendations: Update ESPE...
CVE-2025-27845
CVE-2025-27845 affects ESPEC North America Web Controller, versions prior to 3.3.4. An invalid authentication request to /api/v4/auth/ exposes the JWT secret, permitting elevated permissions to the UI. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation: upgrade to 3.3.4 or later (per PT-2025-...
[SECURITY] [DLA 4265-1] modsecurity-crs security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 08, 2025 https://wiki.debian.org/LTS -...
Debian dla-4265 : modsecurity-crs - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4265 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected]...
CVE-2025-8528 Exrick xboot getMenuList sensitive information in a cookie
A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...
XBoot 安全漏洞
XBoot is a one-stop front-end and back-end separation rapid development platform for Exrick individual developers. A security vulnerability exists in XBoot 3.3.4 and earlier versions, which stems from sensitive information being stored in a cookie in clear text...
CVE-2023-48331
Cross-Site Request Forgery CSRF vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4...
CVE-2018-25067
A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/comjoomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to versio...
CVE-2025-24972 Discourse may bypass user preference when adding users to chat groups
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse stable prior to version 3.3.4 and beta prior to version 3.4.0.beta5, which stems from a...