19 matches found
EUVD-2010-3883
Malware in sbrugna...
EUVD-2025-9519
Malicious code in bioql PyPI...
EUVD-2023-28830
Malicious code in bioql PyPI...
EUVD-2025-1782
Malicious code in bioql PyPI...
EUVD-2023-31579
Malicious code in bioql PyPI...
CVE-2023-36213
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function...
CVE-2023-27845
SQL injection vulnerability found in PrestaShop lekerawenocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components...
CVE-2013-2279
CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 do not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...
CVE-2025-28401
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter...
CVE-2025-28410
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges...
CVE-2025-28401
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter...
PT-2025-3977 · Aenrich Technology · A+Hrd
Name of the Vulnerable Software and Affected Versions: a+HRD from aEnrich Technology (affected versions not specified). Description: The issue is related to an Insecure Deserialization vulnerability. This vulnerability allows remote attackers with database modification privileges and regular system...
HWA JIUH DIGITAL Easy test Online Learning and Testing Platform SQL Injection Vulnerability
HWA JIUH DIGITAL Easy test Online Learning and Testing Platform is an easy test online learning and testing platform from HWA JIUH DIGITAL. A SQL injection vulnerability exists in HWA JIUH DIGITAL Easy test Online Learning and Testing Platform versions prior to 24A01, which stems from failure to...
CVE-2022-39997
CVE-2022-39997 affects Teldat RS123/RS123w routers through a weak password requirement that enables a remote attacker to escalate privileges. The Red Hat, NVD, CVE listings, and third-party sources consistently describe a credential-policy weakness in the router’s authentication flow that can lea...
AguardNet Space Management System Cross-Site Scripting Vulnerability
AguardNet Space Management System is a space management system from China-based AguardNet. A cross-site scripting vulnerability exists in AguardNet Space Management System versions prior to 2024-04-09-3302, which stems from not properly filtering user input, allowing a remote attacker with regula...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
...
Juniper Junos Administrator Privilege Acquisition Vulnerability
Juniper Junos is a network operating system dedicated to the company's hardware systems. A security vulnerability exists in Juniper Junos that could be exploited by a remote attacker to submit a special request to gain administrator privileges...
CVE-2004-0165
Format string vulnerability in Point-to-Point Protocol PPP daemon pppd 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges...
CVE-2002-0579
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password...