126 matches found
EUVD-2025-27604
Malicious code in bioql PyPI...
EUVD-2025-22819
Malicious code in bioql PyPI...
EUVD-2025-22817
Malicious code in bioql PyPI...
EUVD-2025-27613
Malicious code in bioql PyPI...
EUVD-2025-27178
Malicious code in bioql PyPI...
EUVD-2025-22816
Malicious code in bioql PyPI...
EUVD-2025-22573
Malicious code in bioql PyPI...
EUVD-2025-22569
Malicious code in bioql PyPI...
CVE-2025-10211
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...
CVE-2025-10210
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...
ChanCMS SQL Injection Vulnerability
ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...
ChanCMS Server-Side Request Forgery Vulnerability
ChanCMS is a content management system. ChanCMS 3.3.0 version of the existence of server-side request forgery vulnerability, the vulnerability stems from the file / cms/collect/getArticle in the function CollectController parameter taskUrl does not implement a sufficient validation mechanism to...
CVE-2025-10110
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CVE-2025-10211
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...
CVE-2025-10211
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...
CVE-2025-10211
ChanCMS 3.3.0 contains a server-side request forgery in the CollectController, triggered by manipulating the taskUrl parameter in /cms/collect/getArticle. The issue allows remote attackers to make arbitrary requests from the server. Public disclosures and a Nuclei template detail this SSRF, descr...
CVE-2025-10210
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...
CVE-2025-10210 yanyutao0402 ChanCMS Api.js search sql injection
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...
CVE-2025-10210 yanyutao0402 ChanCMS Api.js search sql injection
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...
CVE-2025-10210
ChanCMS up to version 3.3.0 contains a SQL injection in the Search function (app/modules/api/service/Api.js) caused by manipulation of the key argument. The issue is exploitable remotely, and public PoC/exploit material exists; the vendor has not responded. A remediation is needed: upgrade to the...