12 matches found
EUVD-2025-20172
Malicious code in bioql PyPI...
CVE-2025-10251
A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in SQL injection. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2025-10251 FoxCMS Images.php batchCope sql injection
A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in SQL injection. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2025-10251
FoxCMS
FoxCMS Security Vulnerability
FoxCMS is a PHP-based content management system that provides web content management and publishing functions. A SQL injection vulnerability exists in FoxCMS 1.24 and earlier versions, which originates from the batchCope function in the /app/admin/controller/Images.php file that does not securely...
PT-2025-37181
Name of the Vulnerable Software and Affected Versions: FoxCMS versions prior to 1.24. Description: A SQL injection issue exists in FoxCMS due to the manipulation of the ids argument within the batchCope function located in the /app/admin/controller/Images.php file. This allows for remote...
CVE-2025-53173
Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function...
CVE-2025-53174
CVE-2025-53174 concerns Huawei HarmonyOS with a stack overflow risk when parsing vector images during file preview. Multiple connected sources (CNVD-2025-15514, CNNVD-202507-642) specify affected versions as HarmonyOS 5.0.1 and 5.1.0, with the vulnerability enabling exploitation that can affect t...
CVE-2025-53173
Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function...
Bludit Directory Traversal Vulnerability
Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit version 3.9.2. A remote attacker can exploit this vulnerability to execute code with the help of the bl-kernel/ajax/upload-images.php file...
CVE-2016-11018
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is hugeitimagegalleryajaxcallback...
Pluck PHP Code Upload and Execution Vulnerability
Pluck is a simple content management system (CMS) written in PHP. A security vulnerability exists in the /data/inc/images.php file in Pluck versions prior to 4.7.7-dev2. A remote attacker can exploit this vulnerability by uploading an image/jpeg type .htaccess file to upload and execute arbitrary P...