9 matches found
EUVD-2025-27525
Malicious code in bioql PyPI...
CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the uploadfunction function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...
ILIAS < 7.27 SQLi Vulnerability
ILIAS is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if descripti...
CVE-2017-20136
CVE-2017-20136 affects Itech Classifieds Script 7.27. The vulnerability exists in an unknown function within /subpage.php, where manipulating the parameter scat with input like 51' AND 4941=4941 AND 'hoCP'='hoCP leads to SQL injection. This can be exploited remotely and has been publicly disclose...
Ambit Technologies iTech Classifieds Script SQL Injection Vulnerability
Ambit Technologies iTech Classifieds Script is a popular and cost-effective solution from Ambit Technologies India for launching your classified ads website. Ambit Technologies iTech Classifieds Script version 7.27 suffers from a SQL injection vulnerability that stems from the presence of an...
AVM FRITZ!Box Multiple Wi-Fi Vulnerabilities (FragAttacks)
AVM FRITZ!Box devices are prone to multiple Wi-Fi vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:avm:fritz%21os...
CVE-2018-20578
CVE-2018-20578 affects NuttX releases prior to 7.27. The flaw is in netlib_parsehttpurl() within apps/netutils/netlib/netlib_parsehttpurl.c, which mishandles URLs longer than hostlen (default 40 in the webclient), causing an Infinite Loop when processing the Location header of an HTTP 3xx respons...
Itech Classifieds Script 7.27 - SQL Injection
Itech Classifieds Script 7.27 - SQL Injection Exploit Title: Itech Classifieds Script v7.27 - 'pid' Parameter SQL Injection Google Dork: N/A Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/classifieds-script/ Demo:...
Drupal 7.x < 7.27 Forms API Information Disclosure
The remote web server is running a version of Drupal that is 7.x prior to 7.27. It is, therefore, affected by an error related to the HTML form API and the caching of pages for different anonymous users, which could allow sensitive information to be disclosed. Note that Drupal core does not expos...