1070 matches found
EUVD-2023-38323
Malicious code in bioql PyPI...
EUVD-2023-55583
Malicious code in bioql PyPI...
EUVD-2025-24174
Malicious code in bioql PyPI...
EUVD-2023-56234
Malicious code in bioql PyPI...
EUVD-2025-8569
Malicious code in bioql PyPI...
CVE-2025-10342
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
CVE-2025-10342
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
CVE-2025-10342
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
CVE-2025-10342 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
CVE-2025-10342
Affected software : Perfex CRM v3.2.1. Vulnerability : HTML injection via stored input in the name parameter sent to POST /subscriptions/create. Root cause : insufficient validation/sanitization of user-supplied data in that endpoint. Impact : stored HTML injection; public-facing input could lead...
CVE-2025-10342 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
Perfex CRM 跨站脚本漏洞
Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...
PT-2025-39815
Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description A stored HTML injection exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request to the /subscriptions/create API endpoint with malicious content in the...
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7vm2-j586-vcvc. This link is maintained to preserve external references. Original Description A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or...
GHSA-98F8-J56X-2HH4 Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7vm2-j586-vcvc. This link is maintained to preserve external references. Original Description A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or...
CVE-2025-11060
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records...
CVE-2025-11060
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records...
CVE-2025-11060 Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records...
CVE-2025-11060
Affects SurrealDB. The flaw is in the database engine’s LIVE QUERY subscription mechanism (LIVE SELECT) that can cause record/guest users to observe unauthorized records within the same table by abusing how change notifications respect (or don’t respect) the user’s security context when other use...
CVE-2025-11060 Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records...