55 matches found
PT-2026-41169
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description The "POST /api/v1/notes/id/pin" endpoint performs a write operation by toggling the is pinned field but incorrectly validates only for read permission. This allows users who have read-only access ...
CVE-2026-42291
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
CVE-2026-42291 SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
EUVD-2026-14289
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploi...
CVE-2026-4540
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...
CVE-2026-4540
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...
Projectworlds Online Notes Sharing System 安全漏洞
Projectworlds Online Notes Sharing System is an online note-sharing system developed under the open-source Projectworlds framework. Version 1.0 of the Projectworlds Online Notes Sharing System contains a security vulnerability, which stems from incorrect handling of the User parameter in the...
CVE-2025-12862
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploi...
CVE-2025-12862
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploi...
CVE-2025-12862
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploi...
CVE-2025-12862
CVE-2025-12862 affects projectworlds Online Notes Sharing Platform 1.0. The vulnerability is in the file /dashboard/userprofile.php where manipulation of the image argument enables unrestricted file uploads. The issue is exploitable remotely and an exploit is publicly available. Multiple connecte...
PT-2025-45467
Name of the Vulnerable Software and Affected Versions projectworlds Online Notes Sharing Platform version 1.0 Description A flaw exists in projectworlds Online Notes Sharing Platform that allows for unrestricted file uploads. This issue is related to the manipulation of the image argument within...
Projectworlds Online Notes Sharing Platform 安全漏洞
Projectworlds Online Notes Sharing Platform is an online notes sharing platform from Projectworlds India. A security vulnerability exists in Projectworlds Online Notes Sharing Platform version 1.0, which stems from an incorrect manipulation of the parameter image in the file...
EUVD-2025-24665
Malicious code in bioql PyPI...
EUVD-2023-59238
Malicious code in bioql PyPI...
EUVD-2023-59239
Malicious code in bioql PyPI...
EUVD-2023-59241
Malicious code in bioql PyPI...
EUVD-2025-20327
Malicious code in bioql PyPI...
EUVD-2023-59242
Malicious code in bioql PyPI...
CVE-2025-8946
A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...