117 matches found
MAL-2025-65791 Malicious code in umi-tumis73-sluey (npm)
Source: amazon-inspector 77f6cabd3fe5b16685cf930e81f7036852a6114b7d50cb1612157fc543f64ed1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in back_hookworm_z3n (npm)
Source: amazon-inspector cdd6d8780bdd0144e85248cd1e8ef24350aa7d7698a58b498f36d8e52d6d5b13 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-59115 Malicious code in umi-mangut25-sukiwir (npm)
Source: amazon-inspector 2cfc768bef9d55a57347eb5db6d63ec0f2f467a7dc0c80f9456002d13fa79243 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in oktafian-dodol41-sluey (npm)
Source: amazon-inspector fe285f739373500dc85e32f8d7573a0fa5cf214e22b617e2fa009933d4848ff1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
OpnForm security vulnerability
OpnForm is a form builder by individual developer Julien Nahum. A security vulnerability exists in OpnForm 1.9.3 and earlier versions. It stems from improper access control in an unknown function of file/edit and could lead to a remote attack...
EUVD-2024-16785
Malicious code in bioql PyPI...
EUVD-2022-43515
Malicious code in bioql PyPI...
EUVD-2024-16787
Malicious code in bioql PyPI...
EUVD-2024-21585
Malicious code in bioql PyPI...
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2025-8453
CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...
PT-2025-30975 · Campcodes · Best Courier Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Courier Management System version 1.0 Description: A critical issue exists in Campcodes Courier Management System version 1.0. The vulnerability is a SQL injection that affects an unknown part of the file /edit staff.php. The...
CVE-2024-1010
A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is...
CVE-2024-24161
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page...
CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, (2) Event parameter to /include/ajax/logtable.php, or (3) opt parameter to...
CVE-2025-4110
CVE-2025-4110 affects PHPGurukul Pre-School Enrollment System v1.0. Multiple connected sources confirm a SQL injection in the /admin/edit-teacher.php file via the mobilenumber parameter, with remote exploitation and the exploit disclosed publicly. The issue impacts unknown functionality of that f...
CVE-2025-45021
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands...