42 matches found
Cloudlog - SQL Injection
Cloudlog 2.6.15 contains a SQL injection caused by unsanitized input in oqrs.php requestform, letting attackers execute arbitrary SQL commands via stationid or callsign, exploit requires sending crafted request. id: CVE-2024-48259 info: name: Cloudlog - SQL Injection author: s4e-io severity: high...
CVE-2026-54283 Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS
Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...
CVE-2026-54283
Starlette (Python-starlette) from 0.4.1 through 1.3.1 is affected by CVE-2026-54283, where request.form() fails to apply max_fields/max_part_size for application/x-www-form-urlencoded, allowing an unauthenticated attacker to send a URL-encoded body with unbounded fields or field size. This result...
Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS
Summary request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...
openSUSE 16 Security Update : go1.24-openssl (openSUSE-SU-2026:20308-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20308-1 advisory. - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc12512...
PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger
A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...
Important: golang
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 cmd/go: bypass of flag sanitization ca...
CVE-2020-10078
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability...
EUVD-2020-2543
Malware in sbrugna...
EUVD-2024-22199
Malicious code in bioql PyPI...
EUVD-2025-18626
Malicious code in bioql PyPI...
CVE-2025-59742
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'USRMAIL' parameter in'/inc/login/TRACKREQUESTFRMSQL.ASP'...
CVE-2025-59742
AndSoft e-TMS v25.03 contains a SQL injection vulnerability in the USRMAIL parameter of /inc/login/TRACK_REQUESTFRMSQL.ASP. The issue arises from lack of validation of externally supplied SQL statements, allowing a POST request to retrieve, create, update, and delete databases. Affected component...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
CVE-2025-46157 affects EfroTech Time Trax v1.0, specifically the Leave Request form in the Attendance module. The issue is an unrestricted file upload/weak server-side validation that enables remote code execution (RCE) by uploading a crafted file (e.g., changing a .txt to .asp). The CVSS v3.1 ba...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax
CVE-2025-46157 CVE-2025-46157 – Timetrax V1 2025 Remote Co...