33 matches found
EUVD-2025-2009
Malicious code in bioql PyPI...
EUVD-2025-2010
Malicious code in bioql PyPI...
EUVD-2024-44151
Malicious code in bioql PyPI...
EUVD-2024-44150
Malicious code in bioql PyPI...
EUVD-2024-33043
Malicious code in bioql PyPI...
CVE-2025-1108
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into...
CVE-2025-1107
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoi...
CVE-2025-1107
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoi...
CVE-2025-1108 Insufficient data authenticity vulnerability in Janto
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into...
CVE-2025-1108 Insufficient data authenticity vulnerability in Janto
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into...
CVE-2025-1108
CVE-2025-1108 affects Janto, versions prior to r12. The issue is an insufficient data authenticity verification vulnerability that lets an unauthenticated attacker modify the content of password-reset emails by sending a crafted POST request that injects malicious content into the Xml parameter a...
CVE-2025-1107 Unverified password change vulnerability in Janto
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoi...
CVE-2025-1107 Unverified password change vulnerability in Janto
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoi...
CVE-2025-1107
CVE-2025-1107 affects Janto prior to r12. The vulnerability enables an unauthenticated attacker to change another user’s password by sending a crafted POST to /public/cgi/Gateway.php, due to an unverified password-change feature. Impact is a total compromise of password integrity for affected acc...
Janto Ticketing 数据伪造问题漏洞
Janto Ticketing is a ticketing software from Janto. A data forgery issue vulnerability exists in versions of Janto Ticketing prior to r12, which stems from insufficient data authenticity validation and allows an unauthorized user to change a password to reset the content of an email...
PT-2025-5972 · Janto · Janto
Name of the Vulnerable Software and Affected Versions: Janto versions prior to r12 Description: The issue allows an unauthenticated attacker to change another user's password without knowing their current password. To exploit this, the attacker must create a specific POST request and send it to t...
Janto Ticketing 安全漏洞
Janto Ticketing is a ticketing software from Janto. A security vulnerability exists in versions of Janto Ticketing prior to r12, which stems from the presence of an unauthenticated password change feature that allows an unauthorized user to change another person's password...
CVE-2024-10332
A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/main.php”...
CVE-2024-10332
A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/main.php”...
CVE-2024-10332
A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/main.php”...