18 matches found
EUVD-2025-13446
Malicious code in bioql PyPI...
EUVD-2025-13440
Malicious code in bioql PyPI...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
PT-2025-19752 · Dbsyncer · Dbsyncer
Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6 Description: The issue is related to incorrect access control in the component /config/download of DBSyncer, allowing attackers to access a JSON file that contains sensitive account information, including the encrypted...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
DBSyncer 安全漏洞
DBSyncer is an open source data synchronization middleware by 86dbs individual developers. A security vulnerability exists in DBSyncer version v2.0.6, which stems from the mishandling of the Nickname parameter in the Edit Profile feature, which could lead to a stored cross-site scripting attack...
DBSyncer 安全漏洞
DBSyncer is an open source data synchronization middleware by 86dbs individual developers. A security vulnerability exists in DBSyncer version v2.0.6, which stems from improper access control of the /config/download component and could lead to the disclosure of sensitive information...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
PT-2025-19751 · Dbsyncer · Dbsyncer
Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6 Description: A stored cross-site scripting XSS issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter. Recommendations: For...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45236
Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...
CVE-2025-45237
CVE-2025-45237 concerns DBSyncer v2.0.6 with an incorrect access control in the /config/download component. The issue could allow unauthenticated access to a JSON file that contains sensitive account information, including encrypted passwords. Impact is stated in sources as high confidentiality r...