5548 matches found

ATTACKERKB
added 2026/02/04 9:7 p.m., 4 views

CVE-2025-27550

IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server...

CVSS: 3.5, AI score: 5.3, EPSS: 0.00207
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/02/04 9:7 p.m., 9 views

CVE-2025-27550

CVE-2025-27550 concerns IBM Jazz Reporting Service (LQE). The issue: an authenticated user on the host network could obtain sensitive information about other projects resident on the server, indicating an information-disclosure vulnerability. IBM bulletin details affected products/versions and fi...

CVSS: 3.5, AI score: 5.3, EPSS: 0.00207
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2026/02/04 3:15 a.m., 7 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

CVSS: 9.3, AI score: 5.5, EPSS: 0.00463
Exploits: 0, References: 1
Positive Technologies
added 2026/02/04 12:0 a.m., 2 views

PT-2026-5894

Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service, affected versions not specified. Description: An authenticated user on the host network may be able to obtain sensitive information about other projects residing on the server. Recommendations: At the moment, there is n...

CVSS: 3.5, AI score: 5.4, EPSS: 0.00207
Exploits: 0, References: 3
OSV
added 2026/02/03 6:16 p.m., 3 views

CVE-2025-69983

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 1
CVE
added 2026/02/03 12:0 a.m., 19 views

CVE-2025-69970

CVE-2025-69970 affects FUXA v1.2.7, where an insecure default configuration exists in server/settings.default.js: the secureEnabled flag is commented out, causing authentication to be disabled on startup. This enables unauthenticated remote access to sensitive API endpoints, with capabilities to ...

CVSS: 9.3, AI score: 5.5, EPSS: 0.00463
Exploits: 0, References: 1, Affected Software: 1
OSSF Malicious Packages
added 2026/01/31 7:19 p.m., 5 views

Malicious code in learning-curve-projects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 535d27590bc02eadc7c52e7179ac183cfaac3079b16ae34a204e55b3e145ae62 Package contains hidden highly obfuscated code that is loaded during importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

AI score: 6
Exploits: 0, References: 1
OSV
added 2026/01/31 7:19 p.m., 3 views

MAL-2026-618 Malicious code in learning-curve-projects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 535d27590bc02eadc7c52e7179ac183cfaac3079b16ae34a204e55b3e145ae62 Package contains hidden highly obfuscated code that is loaded during importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

AI score: 6
Exploits: 0, References: 1
Packet Storm News
added 2026/01/30 12:0 a.m., 29 views

Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering

Static Application Security Testing (SAST) tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives (FPs), imposing a substantial manual triage burden on developers. Recent advances in Large Language Model (LLM) agents offer a promising...

AI score: 5.4
Exploits: 0
RedhatCVE
added 2026/01/29 9:21 p.m., 4 views

CVE-2026-1534

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00416
Exploits: 1, References: 1
Cvelist
added 2026/01/28 9:2 p.m., 30 views

CVE-2026-1535 code-projects Online Music Site AdminReply.php sql injection

A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS: 7.5, EPSS: 0.00416
Exploits: 1, References: 5
Vulnrichment
added 2026/01/28 9:2 p.m., 5 views

CVE-2026-1535 code-projects Online Music Site AdminReply.php sql injection

A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00416
Exploits: 1, References: 5
ATTACKERKB
added 2026/01/28 9:2 p.m., 4 views

CVE-2026-1534

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00416
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2026/01/28 8:32 p.m., 24 views

CVE-2026-1533 code-projects Online Music Site AdminAddCategory.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the...

CVSS: 5.8, EPSS: 0.0036
Exploits: 1, References: 5
ATTACKERKB
added 2026/01/28 8:32 p.m., 5 views

CVE-2026-1533

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the...

CVSS: 5.8, AI score: 5.7, EPSS: 0.0036
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2026/01/28 8:32 p.m., 10 views

CVE-2026-1533

CVE-2026-1533 affects code-projects Online Music Site 1.0. The vulnerability is a remotely exploitable SQL injection in an unknown function of the file /Administrator/PHP/AdminAddCategory.php. Publicly available exploits/payloads have been released, increasing risk of remote compromise. No vendor...

CVSS: 9.8, AI score: 5.7, EPSS: 0.0036
Exploits: 1, References: 5, Affected Software: 1
RedhatCVE
added 2026/01/28 3:17 a.m., 12 views

CVE-2025-69563

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00442
Exploits: 1, References: 1
CNNVD
added 2026/01/28 12:0 a.m., 4 views

Podcast Generator security vulnerabilities

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP. Version 3.2.9 of Podcast Generator has a security vulnerability that stems from a stored XSS flaw in the function for creating new live projects. This vulnerability could allow for...

CVSS: 4.8, AI score: 6, EPSS: 0.00176
Exploits: 0, References: 2
CNNVD
added 2026/01/28 12:0 a.m., 4 views

Code-Projects Online Music Site SQL Injection Vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters related to files, administrators, and the...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00416
Exploits: 1, References: 6
CNNVD
added 2026/01/28 12:0 a.m., 3 views

Code-Projects Online Music Site SQL Injection Vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters related to files, administrators, PHP, and...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00416
Exploits: 1, References: 6