240 matches found
EUVD-2021-8150
Malicious code in bioql PyPI...
EUVD-2024-36639
Malicious code in bioql PyPI...
EUVD-2024-25313
Malicious code in bioql PyPI...
EUVD-2022-38138
Malicious code in bioql PyPI...
EUVD-2023-32057
Malicious code in bioql PyPI...
ebram_web_scanner
EBRAM Web Scanner EBRAM Web Scanner is a powerful Python-ba...
CVE-2024-28192
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated befo...
CVE-2024-50672
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in...
CVE-2024-48573
A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature...
CVE-2023-28359
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...
CVE-2021-20736
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors...
CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...
CVE-2020-35846
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function...
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedosbase.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id$ne=1 value...
CVE-2020-35848
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...
Exploit for CVE-2024-53900
CTF Challenge - Mongoose RCE CVE-2024-53900 Challenge Overvie...