@antv/f-charts (=0.0.0), @antv/f-lottie (>=0.0.1 <=1.10.0) +14 more potentially affected by unknown CVE via @antv/f-engine (>=1.0.10 <=1.10.0)
@antv/f-engine NPM version =1.0.10, =0.0.1, =0.0.1, =1.0.1, =0.0.1, =1.0.1, =5.0.27, =5.0.0-alpha.1, =5.0.0-alpha.1, =5.0.1, =0.0.1, =0.0.1-alpha.1, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3882...
CVE-2026-7148 CodeAstro Online Classroom addnewfaculty sql injection
A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...
Huawei EulerOS: Security Advisory for augeas (EulerOS-SA-2026-1154)
The remote host is missing an update for the Huawei EulerOS...
CVE-2025-1366
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this issue is the function strcpy of the component VirusPopUp. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been...
WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Reloadly versions <= 2.0.1...
CVE-2025-11603 code-projects Simple Food Ordering System editproduct.php sql injection
A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made public and could be...
WordPress Enzy theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Enzy versions < 1.6.4...
EUVD-2025-16603
Malicious code in bioql PyPI...
EUVD-2025-8868
Malicious code in bioql PyPI...
EUVD-2024-34244
Malicious code in bioql PyPI...
PT-2025-31775 · Code Projects · Human Resource Integrated System
Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A problematic vulnerability exists in code-projects Human Resource Integrated System 1.0. The issue affects an unknown function within the /insert-and-view/action.php fil...
PT-2025-24018 · Sourcecodester · Sourcecodester Student Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A vulnerability was found in the Division System Page component, specifically in the /script/academic/division-system file. The issue is related to the manipulation of t...
WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds (Patchstack Alliance) in WordPress Plugin Private Messages for UserPro versions <= 4.10.0...
CVE-2024-1702 keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection
A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the publi...
CVE-2024-1116 openBI Upload.php index unrestricted upload
A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed t...
Micro Focus GroupWise Session ID Disclosure
Trovent Security Advisory 2203-01 Micro Focus GroupWise transmits session ID in URL Overview Advisory ID: TRSA-2203-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2203-01 Affected product: Micro Focus GroupWise Affected version: prior to 18.4.2...
CVE-2014-125078 yanheven console horizon.instances.js cross site scripting
A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identifie...
CVE-2020-36630 FreePBX cdr Cdr.class.php ajaxHandler sql injection
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of t...
dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service
A vulnerability was found in the DPDK package. Affected versions of this package are vulnerable to denial of service (DoS) attacks, affecting system availability...
master-chisto78.ru Improper Access Control vulnerability OBB-2266481
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...