2295 matches found
EUVD-2025-24635
Malicious code in bioql PyPI...
EUVD-2024-0621
Malicious code in bioql PyPI...
EUVD-2022-3247
Malicious code in bioql PyPI...
EUVD-2024-47563
Malicious code in bioql PyPI...
EUVD-2025-28872
Malicious code in bioql PyPI...
EUVD-2025-31382
Malicious code in bioql PyPI...
CVE-2025-43818
Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary we...
Liferay Portal vulnerable to cross-site scripting in the Calendar widget
Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary we...
CVE-2025-43820
A validated XSS vulnerability in the Liferay Calendar widget allows remote attackers to inject arbitrary scripts via crafted input in the user’s First Name, Middle text, or Last Name fields. Affected are Liferay Portal 7.4.3.35–7.4.3.110 and Liferay DXP 2023.Q4.0–2023.Q4.4, plus 7.3 Update 25–35 ...
CVE-2025-11070
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit is publicly available and might be used...
PT-2025-39908
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.35 through 7.4.3.110 Liferay DXP versions 2023.Q4.0 through 2023.Q4.4 Liferay DXP versions 2023.Q3.1 through 2023.Q3.6 Liferay Portal versions 7.4 update 35 through update 92 Liferay Portal version 7.3 update 25...
PT-2025-39913
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.74 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.6 Liferay DXP update 74 through update 92 Description The software contains multiple reflected...
CVE-2025-11121
CVE-2025-11121 is a command-injection vulnerability in the Tenda AC18 (firmware 15.03.05.19) related to the function in the file /goform/AdvSetLanip where the argument lanIp is mishandled. The attack is remote and the exploit has been publicly disclosed. The impact is described as high (per CVSS ...
CVE-2025-11111
A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/candidatesedit.php. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been made available to...
CVE-2025-11109
A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit is...
CVE-2025-11110 Campcodes Online Learning Management System school_year.php SQL injection
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument schoolyear results in SQL injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2025-11109 Campcodes Computer Sales and Inventory System us_edit.php SQL injection
A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit is...
CVE-2025-11100 D-Link DIR-823X set_wifi_blacklists uci_set command injection
A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
PT-2025-39782
Name of the Vulnerable Software and Affected Versions Campcodes Advanced Online Voting Management System version 1.0 Description A flaw exists in Campcodes Advanced Online Voting Management System version 1.0. The issue involves the manipulation of the ID argument within the file /admin/candidate...