168 matches found
CVE-2025-12342
Serdar Bayram Ghost Hot Spot contains a SQL injection flaw in the Login component, originating from an unknown function in /Auth.php. The issue affects versions up to 20251014 (PTSecurity notes later versions as 20251015+). Exploitation can be conducted remotely; multiple sources indicate the exp...
EUVD-2025-35101
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
EUVD-2019-0796
Malware in sbrugna...
EUVD-2008-3357
Malware in sbrugna...
EUVD-2009-0352
Malware in sbrugna...
EUVD-2012-4418
Malware in sbrugna...
EUVD-2022-47945
Malicious code in bioql PyPI...
GHSA-J6XF-JWRJ-V5QP Coder vulnerable to privilege escalation could lead to a cross workspace compromise
Summary: Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details: Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...
PT-2025-36626
Summary: Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details: Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...
CVE-2025-9662
CVE-2025-9662 affects code-projects Simple Grading System 1.0, specifically the Admin Panel’s login.php. The vulnerability is a SQL injection in an unknown function of /login.php, exploitable remotely and publicly disclosed. Multiple sources corroborate an SQL injection risk impacting the authent...
CVE-2025-9401
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a hig...
CVE-2025-8964
A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed ...
MAL-2025-32880 Malicious code in secure_identity_login_module (npm)
The package secure_identity_login_module was found to contain malicious code...
CVE-2025-8964 code-projects Hostel Management System Login hostel_manage.exe improper authentication
A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed ...
PT-2025-116: Server‑Side Request Forgery (SSRF) in FreeScout
The vulnerability was identified in FreeScout, versions 1.8.182. The discovered vulnerability allows an attacker to issue requests to restricted‑access servers, enabling internal‑network reconnaissance and subsequent attacks. Vulnerability status: Confirmed by vendor Date of vulnerability...
PT-2025-106: Local file read leads to Server-Side Request Forgery (SSRF) in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to read server‑side files and issue requests to the local network, resulting in a Server‑Side Request Forgery (SSRF) condition. Vulnerability status: Confirmed by vendor Date of...
Drupal Mail Login module < 3.2.0,4.0.0-4.1.0 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Ryugo Kinoshita (dc-kinoshita) in WordPress Module Mail Login versions 3.2.0,4.0.0-4.1.0...
Remote Code Execution (RCE)
org.apache.kafka, kafka is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation and unrestricted setting of the sasl.jaas.config property in Kafka Connect configurations, which allows an attacker to specify malicious LDAP login modules that trigger unsafe Java...
GHSA-MCWH-C9PG-XW43 Apache Kafka Deserialization of Untrusted Data vulnerability
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. However, not only the Kafka Connect API is vulnerable to this attack; the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
CVE-2025-27818
A possible security vulnerability has been identified in Apache Kafka. This requires access to an alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...