EUVD-2025-2874

Malicious code in bioql PyPI...

CVE-2025-22599

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

JMBroadcast JMB0150 Firmware 安全漏洞

JMBroadcast JMB0150 Firmware is a firmware from JMBroadcast. A security vulnerability exists in JMBroadcast JMB0150 Firmware version v1.0, which stems from improper access control of the HOME.php endpoint, which could lead to unauthorized access to the administration panel...

CVE-2025-22599

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

CVE-2025-22599

The CVE-2025-22599 issue affects the WeGIA web manager (WeGIA) and relates to a Reflected Cross-Site Scripting (XSS) vulnerability in the home.php endpoint via the msg_c parameter. The root cause is a reflected XSS flaw that allows injection of malicious scripts. Affected versions are prior to 3....

CVE-2025-22599 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c`

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

PT-2024-31989 · Ypay · Ypay

Name of the Vulnerable Software and Affected Versions: YPay version 1.2.0 Description: An arbitrary file upload vulnerability allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php, which is called from app/admin/controller/ypay/Home.php. The fi...