742 matches found
EUVD-2023-2092
Malicious code in bioql PyPI...
EUVD-2023-37999
Malicious code in bioql PyPI...
EUVD-2021-33068
Malicious code in bioql PyPI...
EUVD-2023-43819
Malicious code in bioql PyPI...
EUVD-2025-25893
Malicious code in bioql PyPI...
EUVD-2025-27982
Malicious code in bioql PyPI...
EUVD-2021-8090
Malicious code in bioql PyPI...
EUVD-2022-42937
Malicious code in bioql PyPI...
EUVD-2025-30448
Malicious code in bioql PyPI...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...
CVE-2025-57423
CVE-2025-57423 concerns MyClub 0.5. A SQL injection vulnerability exists in the /articles API endpoint, where insufficient input sanitisation affects the query parameters Content , GroupName , PersonName , lastUpdate , pool , and title . An unauthenticated remote attacker can craft a GET request ...
CVE-2025-59535
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
Dotnetnuke < 10.1.0 Loading unused themes on annonymous clients through query parameters (CVE-2025-59535)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1....
CVE-2025-59535
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Skin feature. An attacker can cause unauthorized theme loading and potentially execute arbitrary code by supplying crafted query parameters to load unused or outdated themes. Remediation Upgrade...
GHSA-WQ2J-W9PM-7X2P DNN allows loading unused themes on anonymous clients through query parameters
Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...
DNN allows loading unused themes on anonymous clients through query parameters
Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...
CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on...