CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...
PT-2025-47395
Name of the Vulnerable Software and Affected Versions: Sencore SMP100 SMP Media Platform versions V4.2.160, V60.1.4, V60.1.29. Description: The Sencore SMP100 SMP Media Platform is susceptible to session hijacking because of inadequate session management. An attacker on the same network as a logged-...
EUVD-2025-29265
Malicious code in bioql PyPI...
CVE-2025-56274
SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high-privileged sessions, such as admin sessions, and perform sensitive operations such as adding new users...
CVE-2025-56274
SourceCodester Web-based Pharmacy Product Management System 1.0 is affected by an Incorrect Access Control flaw that lets low-privileged users forge sessions with admin-like privileges and perform sensitive actions (e.g., adding users). The CVE entry documents a high impact (CVE-2025-56274) with ...
PT-2025-37767
Name of the Vulnerable Software and Affected Versions: SourceCodester Web-based Pharmacy Product Management System version 1.0. Description: The software contains an Incorrect Access Control issue. This allows users with limited privileges to create sessions with higher privileges, such as those of ...
News Script PHP Pro Cross-Site Request Forgery Vulnerability
News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. A cross-site request forgery vulnerability exists in News Script PHP Pro 2.3. An attacker can exploit this vulnerability to add new users...
Buffer Overflow Vulnerability in Various Apple Products (CNVD-2020-67605)
Apple tvOS and others are products of Apple Inc. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system. A security vulnerability exists in a number of Apple products, which stems from a memory corruption vulnerability that...
Authentication Bypass by Spoofing in express-cart
A deficiency in the access control in module express-cart =1.1.5 allows unprivileged users to add new users to the application as administrators...
Gallarific - search.php?query Cross-Site Scripting
Source: https://www.securityfocus.com/bid/28163/info. Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the...