232 matches found
EUVD-2022-42794
Malicious code in bioql PyPI...
EUVD-2024-49270
Malicious code in bioql PyPI...
EUVD-2022-38921
Malicious code in bioql PyPI...
EUVD-2022-51773
Malicious code in bioql PyPI...
EUVD-2023-37572
Malicious code in bioql PyPI...
CVE-2025-9008
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/smssetting.php. The manipulation of the argument uname leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-9008
The CVE-2025-9008 entry concerns itsourcecode Online Tour and Travel Management System 1.0. Vulnerability: SQL injection via the uname parameter in the file /admin/sms_setting.php, allowing remote exploitation. Multiple connected sources corroborate the same flaw, with impact described as high fo...
itsourcecode Online Tour and Travel Management System 注入漏洞
itsourcecode Online Tour and Travel Management System is itsourcecode open source an online tour and travel management system . An injection vulnerability exists in version 1.0 of itsourcecode Online Tour and Travel Management System, which is caused by incorrect manipulation of the parameter una...
Microsoft GitHub Copilot and Visual Studio 命令注入漏洞
GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...
CVE-2025-54130 Cursor Agent is vulnerable prompt injection via Editor Special Files
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the...
CVE-2025-54135
Cursor before v1.3.9 allows prompt-injection via MCP MCP server data to auto-run and write to ~/.cursor/mcp.json, enabling RCE when processing external content. Affected: Cursor AI code editor (Cursor) in-workspace file writes without user approval; dotfiles require approval but new dotfiles do n...
CVE-2025-26062
CVE-2025-26062 describes an access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 that allows unauthenticated access to the router’s settings file and potential exposure of sensitive information. Affected products are Intelbras RX1500 (v2.2.9) and RX3000 (v1.0.11). The root cause is ...
CVE-2025-53536 Roo Code allows Potential Remote Code Execution via .vscode/settings.json
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...
Roo Code 安全漏洞
Roo Code is an AI-based autonomous coding agent from Roo Code. A security vulnerability exists in Roo Code versions prior to 3.22.6, which stems from an attacker being able to submit a prompt to write to a VS Code settings file and trigger code execution, potentially leading to remote code...
CVE-2025-5661
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...
CVE-2025-5661 code-projects Traffic Offense Reporting System Setting save-settings.php cross site scripting
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...
Cisco Meraki Settings
This plugin configures the Cisco Meraki Integration. TRUSTED...
Juzaweb CMS 安全漏洞
Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions, which stems from improper access control in the file /admin-cp/setting/system/general...
Teledyne FLIR AX8 命令注入漏洞
Teledyne FLIR AX8 is a U.S. etc are products of the U.S. Teledyne FLIR company.Teledyne FLIR AX8 is a series of thermal surveillance cameras.TanStack form etc are products of the TanStack open source. form is a form status manager.FLIR AX8 etc are products of the U.S. FLIR AX8 is a thermal sensor...
CVE-2024-41347
openflights commit 5234b5b is vulnerable to Cross-Site Scripting XSS via php/settings.php...