10 matches found
Improper Authentication
Signal K Server is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated modification of internal server state via the /skServer/validateBackup endpoint, which allows an attacker to overwrite critical configuration files and hijack the administrator restore process to...
EUVD-2025-30778
Malicious code in bioql PyPI...
CVE-2025-10009
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files...
CVE-2025-10009 Authenticated admin RCE in Invoice Ninja
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files...
PT-2025-38704
Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.11.73. Description: A flaw exists in the admin "Restore" function that allows attackers with admin credentials to execute arbitrary code on the server. This is possible through the upload of malicious .php files...
CVE-2014-3135
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the vie...