CVE-2023-4536
The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files to the server, leading to RCE...
CVE-2025-13170
A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/editaccount.php. Manipulating the argument adminid results in SQL injection. The attack can be carried out remotely. T...
PT-2025-44732
Name of the Vulnerable Software and Affected Versions: code-projects Simple Online Hotel Reservation System version 2.0. Description: A security flaw exists in code-projects Simple Online Hotel Reservation System 2.0. The issue involves a SQL injection affecting an unknown function within the...
EUVD-2018-18943
Malware in sbrugna...
EUVD-2020-15891
Malware in sbrugna...
EUVD-2019-1760
Malware in sbrugna...
EUVD-2018-3754
Malware in sbrugna...
EUVD-2022-43713
Malicious code in bioql PyPI...
EUVD-2025-25583
Malicious code in bioql PyPI...
EUVD-2025-25380
Malicious code in bioql PyPI...
EUVD-2022-24420
Malicious code in bioql PyPI...
User Enumeration
com.liferay, com.liferay.login.web is vulnerable to User Enumeration. The vulnerability is due to improper handling of account creation requests on the "create account" page, which allows an attacker to determine if a specific account exists in the application...
CVE-2025-9663
A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /editaccount.php of the component Admin Panel. Manipulating the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit is publicl...
CVE-2025-9667 code-projects Simple Grading System Admin Panel delete_account.php sql injection
A vulnerability was detected in code-projects Simple Grading System 1.0. This affects an unknown part of the file /deleteaccount.php of the component Admin Panel. Manipulating the argument ID results in SQL injection. The attack may be initiated remotely. The exploit is now public a...
CVE-2025-57770
The open-source identity infrastructure software Zitadel allows administrators to disable user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...
CVE-2025-43751
User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...
Liferay Portal User Enumeration Vulnerability via the Create Account Page
User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...
GHSA-XWC5-Q44V-P6GG Liferay Portal User Enumeration Vulnerability via the Create Account Page
User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...