
197 matches found

Source: NVD
Added 2025/10/21 5:15 p.m. (2 views)

CVE-2025-60511

Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openaichat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator...

CVSS 4.3, EPSS 0.00043
Exploits: 0, References: 4
Source: CVE
Added 2025/10/21 12:00 a.m. (13 views)

CVE-2025-60511

CVE-2025-60511 affects Moodle OpenAI Chat Block plugin 3.0.1: an Insecure Direct Object Reference (IDOR) due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., admini...

CVSS 4.3, AI score 6.4, EPSS 0.00043
Exploits: 0, References: 4
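The two CVE-2025-60511 entries above describe the same pattern: a completion endpoint takes a blockId from the request and uses whichever block it names, so an authenticated student can drive another user's block. The following is an added, constructed illustration of that pattern and of the ownership check that closes it. It is not the plugin's code: the User and Block shapes, the in-memory stores, the settings contents and both handler functions are assumptions made for the example.

```python
# Added, constructed example of the IDOR pattern in the CVE-2025-60511
# entries.  Not the plugin's code: User, Block, the in-memory stores and
# both handlers are assumptions made for illustration.
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    is_admin: bool = False


@dataclass
class Block:
    id: int
    owner_id: int
    # Per-block settings that only the owner should be able to use
    # (assumed shape; the real plugin's settings are not reproduced).
    settings: dict = field(default_factory=dict)


# Constructed fixture: block 7 belongs to the admin, block 9 to a student.
USERS = {1: User(1, is_admin=True), 2: User(2)}
BLOCKS = {
    7: Block(7, owner_id=1, settings={"persona": "site administrator assistant"}),
    9: Block(9, owner_id=2, settings={"persona": "study helper"}),
}


def complete_vulnerable(session_user: User, block_id: int) -> dict:
    """Trusts the caller-supplied blockId: whatever block it names is used
    with that block's settings, so an authenticated student can run the
    admin's block simply by sending its id."""
    block = BLOCKS[block_id]
    return {"block_owner": block.owner_id, "settings": block.settings}


def complete_hardened(session_user: User, block_id: int) -> dict:
    """Resolves the block, then requires that the session user owns it (or
    holds an admin role) before any of its settings are used.  The id in
    the request is untrusted input, not evidence of access."""
    block = BLOCKS.get(block_id)
    if block is None:
        # Same error as the permission failure, so block ids cannot be
        # enumerated by telling "missing" apart from "forbidden".
        raise PermissionError("no access to block")
    if block.owner_id != session_user.id and not session_user.is_admin:
        raise PermissionError("no access to block")
    return {"block_owner": block.owner_id, "settings": block.settings}


def is_denied(user: User, block_id: int) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        complete_hardened(user, block_id)
    except PermissionError:
        return True
    return False
```

The fix is not input validation in the sense of type-checking blockId (it is already an integer in both versions); it is resolving the object and then checking that the authenticated principal is allowed to act on that specific object before using anything from it.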
Source: RedhatCVE
Added 2025/10/16 3:19 p.m. (3 views)

CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

CVSS 4.3, AI score 6.5, EPSS 0.00044
Exploits: 0, References: 2
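The CVE-2025-62395 entry above is a scoping bug rather than a missing check: the caller does hold the capability, but in a lower context than the cohorts being returned. The following added, constructed model shows why "does the user have this capability anywhere" is the wrong question and "does the user have it in the cohort's own context" is the right one. It is not Moodle's code: the three-level context tree, the capability name, and the cohort and grant tables are assumptions made for the example.

```python
# Added, constructed model of the context-scoping flaw in CVE-2025-62395.
# Not Moodle's code: the context tree, the capability name and the cohort
# and grant tables are assumptions made for illustration.
from dataclasses import dataclass
from typing import Iterator, Optional


@dataclass(frozen=True)
class Context:
    name: str
    parent: Optional["Context"]

    def chain(self) -> Iterator["Context"]:
        """This context, then each ancestor up to the system root."""
        ctx: Optional[Context] = self
        while ctx is not None:
            yield ctx
            ctx = ctx.parent


SYSTEM = Context("system", None)
CATEGORY = Context("category:science", SYSTEM)
COURSE = Context("course:bio101", CATEGORY)
ALL_CONTEXTS = (SYSTEM, CATEGORY, COURSE)

CAP = "view_cohorts"  # assumed capability name

# cohort -> the context it is defined in (constructed)
COHORTS = {"all-staff": SYSTEM, "science-tutors": CATEGORY}

# (user, capability) -> contexts where it was granted (constructed)
GRANTS = {
    ("alice", CAP): {CATEGORY},  # category-level manager, no system rights
    ("admin", CAP): {SYSTEM},
}


def has_capability(user: str, cap: str, ctx: Context) -> bool:
    """Grants inherit downward: a grant in ctx or any ancestor applies."""
    granted = GRANTS.get((user, cap), set())
    return any(c in granted for c in ctx.chain())


def search_cohorts_vulnerable(user: str, query: str) -> list:
    """Checks the capability once, in any context the caller holds it, and
    then returns every matching cohort, system-context ones included."""
    if not any(has_capability(user, CAP, c) for c in ALL_CONTEXTS):
        return []
    return sorted(name for name in COHORTS if query in name)


def search_cohorts_fixed(user: str, query: str) -> list:
    """Checks the capability in each cohort's own context.  A category
    grant never satisfies a check at the system context, because
    inheritance only flows from parent to child."""
    return sorted(
        name for name, ctx in COHORTS.items()
        if query in name and has_capability(user, CAP, ctx)
    )
```

Note that has_capability itself is correct in both versions; the defect is purely which context the search passes to it. Any web service that aggregates objects from several contexts has to evaluate the check per object, or at least per context, and never once for the whole result set.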
Source: NVD
Added 2025/10/15 6:15 a.m. (10 views)

CVE-2025-31702

A vulnerability exists in certain Dahua embedded products. A third-party malicious attacker who has obtained normal user credentials could exploit the vulnerability to access certain data that is restricted to admin privileges, such as system-sensitive files, through a specific HTTP request. This may...

CVSS 6.8, EPSS 0.00038
Exploits: 1, References: 1
Source: CVE
Added 2025/10/15 5:53 a.m. (19 views)

CVE-2025-31702

CVE-2025-31702 describes a vulnerability in Dahua embedded products where a third party with normal user credentials can access data restricted to admin privileges via a specific HTTP request, potentially tampering with the admin password and causing privilege escalation. Systems that are configu...

CVSS 6.8, AI score 6.5, EPSS 0.00038
Exploits: 1, References: 1
Source: EUVD
Added 2025/10/15 5:53 a.m. (7 views)

EUVD-2025-34517

A vulnerability exists in certain Dahua embedded products. A third-party malicious attacker who has obtained normal user credentials could exploit the vulnerability to access certain data that is restricted to admin privileges, such as system-sensitive files, through a specific HTTP request. This may...

CVSS 6.8, AI score 6.3, EPSS 0.00038
Exploits: 1, References: 2
Source: Cvelist
Added 2025/10/15 5:53 a.m. (10 views)

CVE-2025-31702

A vulnerability exists in certain Dahua embedded products. A third-party malicious attacker who has obtained normal user credentials could exploit the vulnerability to access certain data that is restricted to admin privileges, such as system-sensitive files, through a specific HTTP request. This may...

CVSS 6.8, EPSS 0.00038
Exploits: 1, References: 1
Source: Positive Technologies
Added 2025/10/15 12:00 a.m. (5 views)

PT-2025-42234

Name of the Vulnerable Software and Affected Versions: Dahua embedded products (affected versions not specified). Description: A security issue exists in Dahua embedded products. An attacker who has gained normal user credentials can potentially access data restricted to administrator privileges, including...

CVSS 6.8, AI score 6.2, EPSS 0.00038
Exploits: 1, References: 8
Source: EUVD
Added 2025/10/07 12:30 a.m. (1 view)

EUVD-2018-21444

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00425
Exploits: 1, References: 2
Source: EUVD
Added 2025/10/07 12:30 a.m. (2 views)

EUVD-2021-14717

Malware in sbrugna...

CVSS 4.9, AI score 5.3, EPSS 0.00194
Exploits: 0, References: 3
Source: EUVD
Added 2025/10/03 8:07 p.m. (2 views)

EUVD-2023-55002

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.6, EPSS 0.00186
Exploits: 0, References: 1
Source: Vulnrichment
Added 2025/09/29 9:00 p.m. (2 views)

CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

CVSS 7.5, AI score 6.2, EPSS 0.00069
Exploits: 1, References: 3
Source: Vulnrichment
Added 2025/09/25 7:30 p.m. (2 views)

CVE-2025-59816 Authenticated union-based SQL injection in the search input field

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...

CVSS 7.3, AI score 6.3, EPSS 0.0003
Exploits: 0, References: 2
Source: Cvelist
Added 2025/09/25 7:29 p.m. (10 views)

CVE-2025-59814 Unauthenticated SQL injection in password field

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database...

CVSS 8.8, EPSS 0.00045
Exploits: 0, References: 2
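The two Zenitel entries above (CVE-2025-59816, union-based injection through an authenticated search field, and CVE-2025-59814, injection through the unauthenticated password field) are both consequences of building SQL by string concatenation. The following added example runs both injection shapes against a constructed SQLite database and shows the parameterised form beside each. It is example code, not the gateway's firmware: the table names, columns, rows and payload strings are assumptions; the plaintext password column mirrors what the first advisory states.

```python
# Added, constructed example for CVE-2025-59816 / CVE-2025-59814.
# Not the device's code: schema, rows and payloads are assumptions.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed fixture standing in for a 'Billing Admin' database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE calls(id INTEGER, extension TEXT, duration INTEGER);
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO calls VALUES (1, '1001', 42), (2, '1002', 7);
        -- passwords stored in plaintext, as the advisory describes
        INSERT INTO users VALUES (1, 'admin', 'Secr3t!'), (2, 'oper', 'pass');
    """)
    return db


def search_calls_vulnerable(db, term: str) -> list:
    """String-concatenated query: the search term becomes part of the SQL."""
    sql = f"SELECT extension, duration FROM calls WHERE extension LIKE '%{term}%'"
    return db.execute(sql).fetchall()


def search_calls_fixed(db, term: str) -> list:
    """Parameterised query: the term is bound as data and can never change
    the shape of the statement."""
    sql = "SELECT extension, duration FROM calls WHERE extension LIKE ?"
    return db.execute(sql, (f"%{term}%",)).fetchall()


def login_vulnerable(db, username: str, password: str):
    """Password field concatenated into the WHERE clause."""
    sql = (f"SELECT username FROM users WHERE username='{username}' "
           f"AND password='{password}'")
    return db.execute(sql).fetchone()


def login_fixed(db, username: str, password: str):
    """Both credentials bound as parameters."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()


# Constructed payloads.
# UNION: the injected SELECT must yield the same number of columns as the
# original (two here), so the credential rows come back as search results.
UNION_PAYLOAD = "' UNION SELECT username, password FROM users --"
# Password field: closes the quoted string and turns the WHERE clause into
# a tautology, so the first user row is returned without a valid password.
AUTH_BYPASS_PAYLOAD = "' OR '1'='1"
```

The fixed search still passes the wildcards, but as part of the bound value, so a term containing a quote or a UNION keyword simply matches nothing. The same tautology that bypasses login_vulnerable could be replaced with a UNION against any table, which is why the second advisory speaks of reading the entire database rather than only logging in.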
Source: GithubExploit
Added 2025/09/07 7:57 a.m. (353 views)

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

Disclaimer: This repository provides a Python 3-compatible exp...

CVSS 8.1, AI score 8.4, EPSS 0.92556
Exploits: 37
Source: CVE
Added 2025/09/04 11:56 p.m. (24 views)

CVE-2025-58362

Hono web framework (versions 4.8.0–4.9.5) contains a flaw in the getPath utility (parsing in utils/url.ts) that can cause path confusion when handling certain malformed absolute-form Request-URIs, potentially bypassing proxy-level ACLs (e.g., Nginx location blocks). The root cause is reliance on ...

CVSS 7.5, AI score 6.1, EPSS 0.00087
Exploits: 0, References: 3, Affected Software: 1
Source: Tenable Nessus
Added 2025/08/27 12:00 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2023-39515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cacti is an open-source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability...

CVSS 6.1, AI score 6.7, EPSS 0.00294
Exploits: 1, References: 2
Source: RedhatCVE
Added 2025/08/25 3:20 a.m. (3 views)

CVE-2025-43768

Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin...

CVSS 5.1, AI score 6.7, EPSS 0.00082
Exploits: 0, References: 1
Source: Github Security Blog
Added 2025/08/23 3:30 a.m. (3 views)

Liferay Portal JSONWS API endpoint shares sensitive information

Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin...

CVSS 7.7, AI score 5.8, EPSS 0.00082
Exploits: 0, References: 5, Affected Software: 1
Source: OSV
Added 2025/08/23 3:30 a.m. (0 views)

GHSA-CV9J-MG9W-V7WM Liferay Portal JSONWS API endpoint shares sensitive information

Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin...

CVSS 5.1, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 5