164 matches found
EUVD-2015-2148
Malware in sbrugna...
EUVD-2019-4057
Malware in sbrugna...
EUVD-2018-8453
Malware in sbrugna...
EUVD-2008-6128
Malware in sbrugna...
EUVD-2020-27399
Malware in sbrugna...
EUVD-2025-24136
Malicious code in bioql PyPI...
TYPO3 Bookmark Toolbar vulnerable to denial of service
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/app/compose/get-from-uri endpoint, which uses the GetFromUri function. A user can access arbitrary files on the server by passing arbitrary paths as the uri parameter. This is only...
CVE-2025-8838
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be...
CVE-2025-8838
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be...
PT-2025-32531 · Winterchens · My-Site
Name of the Vulnerable Software and Affected Versions: WinterChenS my-site affected versions not specified Description: A vulnerability exists in the preHandle function of the /admin/ file within the Backend Interface component. Manipulation of the uri argument results in improper authentication...
CVE-2025-7510
A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/productaddback.php. The manipulation of the argument namepro leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2024-3431
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin=Field=channeledit of the component Backend. The manipulation of the argument channelid leads to deserialization. The attack can be initiated remotel...
CVE-2020-25445
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...
Server-side Request Forgery (SSRF)
Overview typo3/cms-webhooks is a Handle outgoing Webhooks for TYPO3 Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can manipulate internal resources by sending crafted requests from a compromised or malicious external site. This is only exploitab...
PT-2025-20601 · Unknown · Jadmin-Java
Name of the Vulnerable Software and Affected Versions: JAdmin-JAVA JAdmin version 1.0 Description: A critical vulnerability was found in the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to...
JAdmin 授权问题漏洞
JAdmin is JAdmin-JAVA open source a Java language based rapid development platform. JAdmin 1.0 version of the authorization problem vulnerability, the vulnerability stems from the file NoNeedLoginController.java in the Admin Backend component of the toLogin function has improper authentication...
CVE-2020-6249
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...
PT-2024-25956
Name of the Vulnerable Software and Affected Versions TYPO3 versions prior to 10.4.46 ELTS TYPO3 versions prior to 11.5.40 LTS TYPO3 versions prior to 12.4.21 LTS TYPO3 versions prior to 13.3.1 Description The issue allows for denial of service, causing an interface error in the Bookmark Toolbar,...
PT-2024-39536 · Unknown · Huankemao Scrm
Name of the Vulnerable Software and Affected Versions: HuankeMao SCRM versions up to 0.0.3 Description: A critical issue has been found in the Administrator Backend component, specifically in the function upload domain verification file of the file WxkConfig.php. The manipulation of the argument...