33 matches found
EUVD-2024-17394
Malicious code in bioql PyPI...
EUVD-2024-47301
Malicious code in bioql PyPI...
EUVD-2024-47607
Malicious code in bioql PyPI...
EUVD-2024-17320
Malicious code in bioql PyPI...
EUVD-2025-27941
Malicious code in bioql PyPI...
CVE-2025-3894
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...
CVE-2025-3894
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...
CVE-2025-3895
Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who know user login names to brute force these tokens and change account passwords including these belonging to...
CVE-2025-3894
CVE-2025-3894 concerns MegaBIP: the text editor embedded in MegaBIP does not neutralize user input, enabling Stored XSS attacks across users. The issue requires high privileges to use the editor, with impact limited to if exploited in authenticated contexts as described; affected version detected...
CVE-2025-3894 Stored XSS in MegaBIP
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...
CVE-2025-3894 Stored XSS in MegaBIP
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue...
CVE-2025-3895
CVE-2025-3895 affects MegaBIP; tokens used for resetting passwords are generated from a small space of random values combined with a queryable value. This allows an unauthenticated attacker who knows user login names to brute force reset tokens and change account passwords, including administrato...
CVE-2024-1659
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...
CVE-2024-6160
SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1...
CVE-2024-6527
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator's token to modify the content of pages. This issue affects MegaBIP software versions through 5.13...
PT-2025-22649 · Megabip · Megabip
Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.20 Description: The text editor embedded into MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required to use the editor. Recommendations: For versio...
MegaBIP 安全漏洞
MegaBIP is a software for creating BIP websites from MegaBIP Inc. A security vulnerability exists in MegaBIP versions prior to 5.20, which stems from a password reset token being generated with too little space, which could lead to a brute force attack...
PT-2025-22650 · Megabip · Megabip
Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.20 Description: The issue arises from the generation of password reset tokens in MegaBIP software, which uses a small space of random values combined with a queryable value. This allows an unauthenticated attacker...
CVE-2024-6880
During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt...
CVE-2024-6880 CSRF in MegaBIP
During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt...