2475 matches found
EUVD-2021-28174
Malicious code in bioql PyPI...
EUVD-2025-27856
Malicious code in bioql PyPI...
EUVD-2023-54167
Malicious code in bioql PyPI...
EUVD-2022-34207
Malicious code in bioql PyPI...
EUVD-2023-12516
Malicious code in bioql PyPI...
EUVD-2022-53449
Malicious code in bioql PyPI...
EUVD-2022-7025
Malicious code in bioql PyPI...
EUVD-2023-47568
Malicious code in bioql PyPI...
EUVD-2025-1552
Malicious code in bioql PyPI...
EUVD-2022-0870
Malicious code in bioql PyPI...
EUVD-2022-0104
Malicious code in bioql PyPI...
CVE-2025-54875
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
CVE-2025-59945
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...
CVE-2025-41244
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...
CVE-2025-41246 Improper authorisation vulnerability
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs...
UBUNTU-CVE-2025-41244
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...
CVE-2025-11078 itsourcecode Open Source Job Portal controller.php unrestricted upload
A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. The attack is possible to be carried out...
PT-2025-39701
Name of the Vulnerable Software and Affected Versions SysReptor versions 2024.74 through 2025.82 Description Authenticated, unprivileged users can assign the is project admin permission to themselves, granting them unauthorized access to read, modify, and delete pentesting projects they are not...
CVE-2025-11041
A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit h...
CVE-2025-10817
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/adminuser.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made...