168 matches found
EUVD-2025-35101
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
EUVD-2012-4418
Malware in sbrugna...
EUVD-2009-0352
Malware in sbrugna...
EUVD-2008-3357
Malware in sbrugna...
EUVD-2019-0796
Malware in sbrugna...
EUVD-2022-47945
Malicious code in bioql PyPI...
GHSA-J6XF-JWRJ-V5QP Coder vulnerable to privilege escalation could lead to a cross workspace compromise
Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...
PT-2025-36626
Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...
CVE-2025-9662
CVE-2025-9662 affects code-projects Simple Grading System 1.0, specifically the Admin Panel’s login.php. The vulnerability is a SQL injection in an unknown function of /login.php, exploitable remotely and publicly disclosed. Multiple sources corroborate an SQL injection risk impacting the authent...
CVE-2025-9401
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a hig...
CVE-2025-8964
A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostelmanage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed ...
MAL-2025-32880 Malicious code in secure_identity_login_module (npm)
The package secureidentityloginmodule was found to contain malicious code...
CVE-2025-8964 code-projects Hostel Management System Login hostel_manage.exe improper authentication
A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostelmanage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed ...
PT-2025-106: Local file read leads to Server-Side Request Forgery (SSRF) in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to read server‑side files and issue requests to the local network, resulting in a Server‑Side Request Forgery SSRF condition. Vulnerability status: Confirmed by vendor Date of...
PT-2025-116: Server‑Side Request Forgery (SSRF) in FreeScout
The vulnerability was identified in FreeScout , versions 1.8.182. The discovered vulnerability allows an attacker to issue requests to restricted‑access servers, enabling internal‑network reconnaissance and subsequent attacks. Vulnerability status: Confirmed by vendor Date of vulnerability...
Drupal Mail Login module < 3.2.0,4.0.0-4.1.0 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Ryugo Kinoshita dc-kinoshita in WordPress Module Mail Login versions 3.2.0,4.0.0-4.1.0...
Astra Linux – Vulnerability in pam-pkcs11
PAM-PKCS11 is a Linux-PAM login module that enables user login using X.509 certificates. Prior to version 0.6.13, if certpolicy was set to none the default value, then pampkcs11 would only check whether the user was capable of logging into the token. An attacker could create a new token using the...
Remote Code Execution (RCE)
org.apache.kafka, kafka is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation and unrestricted setting of the sasl.jaas.config property in Kafka Connect configurations, which allows an attacker to specify malicious LDAP login modules that trigger unsafe Java...
GHSA-MCWH-C9PG-XW43 Apache Kafka Deserialization of Untrusted Data vulnerability
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
CVE-2025-27818
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...