50 matches found
EUVD-2026-34289
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...
Real Apple notifications are being used to drive tech support scams
Scammers have found a way to abuse legitimate Apple account notification emails to trick targets into calling fake tech support numbers. According to a report from BleepingComputer, scammers create an Apple account and insert a phishing message into the personal information fields, then modify th...
WordPress WP Customer Area plugin < 8.2.1 - Subscriber+ Account Address Update vulnerability
Subscriber+ Account Address Update vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin WP Customer Area versions 8.2.1...
CVE-2025-58053
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
UBUNTU-CVE-2025-58053
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58053 Galette has a privilege escalation vulnerability
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58053
Summary: Galette, a membership management web app, has a privilege-escalation issue reported for versions prior to 1.2.0. Root cause (as described): An account update can be performed with a self-forged POST request that may grant higher privileges. The issue is addressed in version 1.2.0. Impact...
PT-2025-49250
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update account of the file /api/admin/update account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is...
Red Hat 3scale API Management Platform security vulnerability
Red Hat 3scale API Management Platform is an infrastructure platform for API management from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform that originates from unvalidated input...
EUVD-2002-1098
Malware in sbrugna...
EUVD-2016-9601
Malware in sbrugna...
EUVD-2015-4790
Malware in sbrugna...
EUVD-2017-5904
Malware in sbrugna...
EUVD-2025-31384
Malicious code in bioql PyPI...
EUVD-2022-6985
Malicious code in bioql PyPI...
E-Commerce Website admin_account_update.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /pages/admin_account_update.php. An attacker can exploit this vulnerabili...
CVE-2025-11036
A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be...
CVE-2025-11036 code-projects E-Commerce Website admin_account_update.php sql injection
A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be...