2494 matches found
CVE-2023-53888
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...
CVE-2023-53888
CVE-2023-53888 affects Zomplog 3.9. An authenticated attacker can upload JavaScript files, rename them to PHP, and trigger arbitrary PHP code execution via the app’s file-manipulation endpoints (saveE and rename actions). The vulnerability originates from the authenticated file manipulation workf...
CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...
CVE-2025-14195 code-projects Employee Profile Management System add_file_query.php unrestricted upload
A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...
Laravel File Manager security vulnerability
Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from a directory traversal in the zip archive feature that could lead to arbitrary file manipulation...
MAL-2025-115207 Malicious code in kresna-lodeh29-miaww (npm)
Source: amazon-inspector 27f844fd0de7088ff310e3c801452d5d9830fc97b2788c009597576624460b4d. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-83546 Malicious code in bayu-ruwet90-miaww (npm)
Source: amazon-inspector 166d532a99196aebf400c6aef19fd122a9fcd3629cb4cc18789af6e68b16a064. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-80389 Malicious code in ocha-rendang10-sukiwir (npm)
Source: amazon-inspector 6d4b2100f2b3d3afb837504c851e28a824be7af5419cd32395fddd860cfa1008. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-74620 Malicious code in nina-papeda56-breki (npm)
Source: amazon-inspector 696e74f915982c30805bfff9fea3fa9d8fc48105032864c499f6676f63696bb1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in reliable-bronze-silverfish (npm)
Source: amazon-inspector 67477320dd2c845859b97365f5cfeec24ed1a51d06462ef1d9540cb09b672790. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in maya-taiwan91-sukiwir (npm)
Source: amazon-inspector 4ce60b5ae418f4c19ecacbda25572fdda44badeafb0c0d365ed29bb98e856f70. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in patria-miemee43-sluey (npm)
Source: amazon-inspector 11e31720f32051fddb3985adc14caeb135c8845ca23c67658dbc8bd595368d8b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-7719
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation. This issue affects Smallworld: 5.3.5 and previous versions...
CVE-2025-7719 Smallworld SWMFS Arbitrary File Ops
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation. This issue affects Smallworld: 5.3.5 and previous versions...
PT-2025-45472
Name of the Vulnerable Software and Affected Versions: GE Vernova Smallworld versions prior to 5.3.5. Description: A flaw exists in GE Vernova Smallworld on Windows and Linux systems that allows for file manipulation due to an improper limitation of a pathname to a restricted directory, also known a...
GE Vernova Smallworld security vulnerability
GE Vernova Smallworld is an asset and network management software from GE Vernova, USA. A security vulnerability exists in GE Vernova Smallworld version 5.3.5 and prior versions, which stems from improper pathname restrictions that could lead to file manipulation...
CVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...
PT-2025-45031
Name of the Vulnerable Software and Affected Versions: Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6. Description: An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which allows manipulation of writab...
PT-2025-45034
Name of the Vulnerable Software and Affected Versions: Salesforce Agentforce Vibes Extension versions prior to 3.2.0. Description: An issue exists in Salesforce Agentforce Vibes Extension related to improper neutralization of input used for LLM prompting, potentially allowing manipulation of writabl...