14 matches found
EUVD-2023-23913
Malicious code in bioql PyPI...
CVE-2025-34223
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...
PT-2025-31974 · Shopware · Shopware 6
Name of the Vulnerable Software and Affected Versions: Shopware 6 (affected versions not specified)
Description: A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface. The c_database_schema field does not properly sanitize user-supplied input before renderi...
CVE-2025-51541
Shopware 6 stores user input in /recovery/install/database-configuration/ via the c_database_schema field without proper sanitization, enabling stored XSS. The issue can be triggered through a CSRF-enabled POST; lack of CSRF protections allows an unauthenticated attacker to craft a page that stor...
Shopware security vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware that stems from insufficient sanitization of the c_database_schema field in the installation interface, which could lead to stored cross-site scripting...
CVE-2023-1685
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
PYSEC-2025-9
A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...
CVE-2023-1685
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
CVE-2023-1685
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
Command injection
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
CVE-2023-1685 HadSky Installation Interface index.php command injection
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
PT-2023-17168 · Hadsky · Hadsky
Name of the Vulnerable Software and Affected Versions: HadSky versions up to 7.11.8
Description: A critical issue has been found, affecting the Installation Interface component, specifically the /install/index.php file. This issue leads to command injection and can be initiated remotely. The...
HadSky command injection vulnerability
HadSky is an original open source lightweight PHP forum system from China's HadSky company. A security vulnerability exists in HadSky versions prior to 7.11.8, which stems from unknown code in the /install/index.php file of the component Installation Interface, resulting in command injection...
Debian DSA-4917-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2021-30506: @retsew0x01 discovered an error in the Web App installation interface.
- CVE-2021-30507: Alison Huffman discovered an error in the Offline mode.
- CVE-2021-30508: Leecraso and Guang Gong discovered a buffer...