2475 matches found
CVE-2025-11589
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in SQL injection. It is possible to initiate the attack remotely. The exploit has been released t...
CVE-2025-11589
CodeAstro Gym Management System 1.0 has a SQL injection in /admin/user-payment.php triggered by manipulating the plan parameter. The vulnerability is exploitable remotely and an exploit has been released publicly. The exact root cause is an insecure handling of the plan argument leading to SQL in...
EUVD-2025-28745
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
PT-2025-41608
Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0. Description: A security flaw exists in CodeAstro Gym Management System 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/user-payment.php file. Manipulation of th...
CVE-2025-61999
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perfo...
CVE-2025-61999
CVE-2025-61999 affects OPEXUS FOIAXpress before 11.13.3.0. An administrative user can upload an SVG image (logo) containing JavaScript or other content, causing stored XSS when other users view affected pages. This can enable the admin to perform actions on behalf of target users, including steal...
CVE-2025-61996 OPEXUS FOIAXpress stored XSS via annual report template
OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMware open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine (VM) could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...
EUVD-2021-1286
Malware in sbrugna...
EUVD-2019-6588
Malware in sbrugna...
EUVD-2008-6211
Malware in sbrugna...
EUVD-2019-10695
Malware in sbrugna...
EUVD-2020-21394
Malware in sbrugna...
EUVD-2020-8571
Malware in sbrugna...
EUVD-2018-11060
Malware in sbrugna...
EUVD-2021-10314
Malware in sbrugna...
EUVD-2006-4456
Malware in sbrugna...
EUVD-2021-23409
Malware in sbrugna...
EUVD-2020-24500
Malware in sbrugna...