61 matches found
EUVD-2020-24958
Malware in sbrugna...
EUVD-2024-54612
Malicious code in bioql PyPI...
EUVD-2025-29107
Malicious code in bioql PyPI...
CVE-2025-10389
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
CVE-2025-10389
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
CVE-2025-10389 CRMEB Administrator Password SystemAdminServices.php save improper authorization
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
CVE-2025-10389
CVE-2025-10389 affects CRMEB up to version 5.6.1. The vulnerability is in the Save function of app/services/system/admin/SystemAdminServices.php (Administrator Password Handler). Manipulating the ID argument can lead to improper authorization, with remote exploitation possible. Multiple sources c...
PT-2025-37399
Name of the Vulnerable Software and Affected Versions: CRMEB versions up to 5.6.1 Description: A security flaw exists in CRMEB due to improper authorization when manipulating the ID argument within the Save function of the app/services/system/admin/SystemAdminServices.php file, specifically in th...
CVE-2025-6867
A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has...
SourceCodester Simple Company Website 安全漏洞
SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. A security vulnerability exists in SourceCodester Simple Company Website version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...
Privilege Escalation
org.wso2.am, am-parent, org.wso2.is, identity-server-parent are vulnerable to privilege escalation. The vulnerability is due to improper validation and access control in the SOAP admin services, which allows attackers to assign elevated privileges to self-registered users under specific deploymen...
CVE-2024-7074
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an...
CVE-2024-7074 Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an...
CVE-2024-7073 Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services
A server-side request forgery SSRF vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the networ...
Incorrect Authorization
Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw ...
Incorrect Authorization
Overview org.wso2.am:am-parent is a WSO2 API Manager - Aggregator Module Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw in SOAP admin services. An attacker can create a new user with elevated permissions by exploiting accessible SOAP admin...
WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...
GHSA-J63J-7R7R-5V4J WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...
CVE-2024-7096
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...
CVE-2024-7096
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...