143 matches found
EUVD-2025-29650
Malicious code in bioql PyPI...
EUVD-2022-31769
Malicious code in bioql PyPI...
EUVD-2025-24152
Malicious code in bioql PyPI...
CVE-2025-57631
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module...
CVE-2025-57631
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module...
CVE-2025-57631
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module...
PT-2025-38072
Name of the Vulnerable Software and Affected Versions: TDuckCloud version 5.1 Description: A SQL Injection issue exists in TDuckCloud version 5.1, allowing a remote attacker to execute arbitrary code through the Add a file upload module. Recommendations: At the moment, there is no information abo...
CVE-2025-57631
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module...
CVE-2025-57631
TDuckCloud CVE-2025-57631 is a SQL injection affecting TDuckCloud v5.1 through the file-upload module, enabling a remote attacker to execute arbitrary code. The CVE’s metrics show a high-severity, network-exploitable impact with no user interaction required. The available connected documents conf...
PT-2025-34490 · Salesforce · Tableau Desktop +1
Name of the Vulnerable Software and Affected Versions: Tableau Server and Tableau Desktop versions prior to 2025.1.3 Tableau Server and Tableau Desktop versions prior to 2024.2.12 Tableau Server and Tableau Desktop versions prior to 2023.3.19 Description: A 'Type Confusion' vulnerability exists i...
CVE-2025-8859
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...
CVE-2025-8859
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...
CVE-2025-8859
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...
CVE-2025-8859 code-projects eBlog Site File Upload save-slider.php unrestricted upload
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...
CVE-2025-8859
CVE-2025-8859 affects code-projects’ eBlog Site 1.0, specifically the File Upload Module function in the file /native/admin/save-slider.php. The vulnerability involves unrestricted file upload, reported as exploitable remotely. Public disclosure exists, and multiple sources reinforce that an atta...
PT-2025-5648 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: PIMCORE affected versions not specified Description: A Stored Cross-Site Scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious script...
PT-2024-35410 · Hkcms · Hkcms
Name of the Vulnerable Software and Affected Versions: HkCms versions prior to 2.3.2.240702 Description: The issue concerns a file upload vulnerability in the getFileName method located in /app/common/library/Upload.php. Recommendations: For versions prior to 2.3.2.240702, consider disabling the...
WordPress plugin WP Awesome Login 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-20416
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker...
CVE-2024-20416
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker...