
63 matches found

EUVD · added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-12619

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 8.7 · EPSS 0.00119
Exploits 0 · References 2

EUVD · added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-6845

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00128
Exploits 1 · References 2

Positive Technologies · added 2025/05/13 12:00 a.m. · 2 views

PT-2025-21027 · Undefined · Undefined

New CVE-2025-99999999 CVSS:11.0 Supercritical: if an attacker can mind-control an administrator, they can perform actions as that administrator leading to total compromise. This should be prioritized over all other risks and best practices...

AI score 7.2
Exploits 0 · References 1

Hacker One · added 2025/04/27 1:35 p.m. · 1028 views

Dust: Privilege Persistence via Cloned Agent

The vulnerability allowed a member to clone an agent managed by the admin by modifying the agent's unique identifier (sid). This resulted in the admin being unable to effectively disable the agent, as the cloned version could still be used by the member even after the original agent was disabled...

AI score 6.8
Exploits 0

Cvelist · added 2025/01/22 4:21 p.m. · 34 views

CVE-2025-20156 Cisco Meeting Management Client-Server Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

CVSS 9.9 · EPSS 0.01481
Exploits 0 · References 3

Positive Technologies · added 2025/01/06 12:00 a.m. · 5 views

PT-2025-20233

Name of the Vulnerable Software and Affected Versions: SysAid On-Prem versions 23.3.40 and earlier. Description: SysAid On-Prem software is affected by an unauthenticated XML External Entity (XXE) issue in the lshw processing functionality. Exploitation of this issue may allow a remote attacker to tak...

CVSS 9.8 · AI score 8.7 · EPSS 0.23107
Exploits 1 · References 24

CVE · added 2024/11/11 7:46 p.m. · 44 views

CVE-2024-51484

CVE-2024-51484 concerns Ampache, a web-based audio/video streaming app. The issue is in how the platform validates CSRF tokens during activation/deactivation of controllers: the token parsing/validation path does not properly secure these state-changing requests, enabling CSRF-style abuse to togg...

CVSS 8.1 · AI score 8 · EPSS 0.00181
Exploits 1 · References 1 · Affected Software 1

OSV · added 2024/05/10 3:29 p.m. · 24 views

GHSA-X525-54HF-XR53 Blind XSS Leading to Froxlor Application Compromise

Description: A Stored Blind Cross-Site Scripting (XSS) vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...

CVSS 9.6 · AI score 8.6 · EPSS 0.00976
Exploits 2 · References 4

Prion · added 2023/12/15 4:15 p.m. · 19 views

Input validation

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

CVSS 5.1 · AI score 6.8 · EPSS 0.00029
Exploits 0 · References 1 · Affected Software 1

OSV · added 2023/04/24 10:44 p.m. · 19 views

GHSA-FWCF-753V-FGCJ Unrestricted file upload in kiwi TCMS

Impact: Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. In earlier versions there is no control over what kinds of files can be uploaded. Thus a malicious actor may upload an .exe file or a file containing embedded JavaScript and trick others into clicking on these fil...

CVSS 7.7 · AI score 8.8 · EPSS 0.00694
Exploits 1 · References 6

Github Security Blog · added 2023/04/24 10:44 p.m. · 26 views

Unrestricted file upload in kiwi TCMS

Impact: Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. In earlier versions there is no control over what kinds of files can be uploaded. Thus a malicious actor may upload an .exe file or a file containing embedded JavaScript and trick others into clicking on these fil...

CVSS 9 · AI score 6.2 · EPSS 0.00694
Exploits 1 · References 6 · Affected Software 1

Cvelist · added 2022/10/19 12:00 a.m. · 9 views

CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

AI score 5.5 · EPSS 0.00431
Exploits 0 · References 2

Prion · added 2022/10/18 3:15 a.m. · 20 views

Design/Logic Flaw

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...

CVSS 4.1 · AI score 7.2 · EPSS 0.00032
Exploits 0 · References 1 · Affected Software 1

Packet Storm · added 2022/07/18 12:00 a.m. · 211 views

Orange Station 1.0 SQL Injection

Title: Orange Station 1.0 SQLi · Author: nu11secur1ty · Date: 0.16.2022 · Vendor: https://www.mayurik.com/ · Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html · Reference:...

AI score 7.4
Exploits 0

OSV · added 2022/07/13 9:15 p.m. · 8 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

CVSS 8.8 · AI score 8.2
Exploits 0 · References 6

0day.today · added 2022/05/31 12:00 a.m. · 273 views

Fast Food Ordering System 1.0 SQL Injection Vulnerability

Title: Fast Food Ordering System 1.0 SQLi · Author: nu11secur1ty · Vendor: https://www.sourcecodester.com/users/tips23 · Software: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html · Reference:...

AI score 0.4
Exploits 0

Packet Storm · added 2022/05/30 12:00 a.m. · 299 views

Fast Food Ordering System 1.0 SQL Injection

Title: Fast Food Ordering System 1.0 SQLi · Author: nu11secur1ty · Date: 05.30.2022 · Vendor: https://www.sourcecodester.com/users/tips23 · Software: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html · Reference:...

AI score 0.4
Exploits 0

Packet Storm · added 2022/05/24 12:00 a.m. · 313 views

Online Fire Reporting System 1.0 SQL Injection

Title: Online Fire Reporting System 1.0 SQLi · Author: nu11secur1ty · Date: 05.24.2022 · Vendor: https://www.sourcecodester.com/users/tips23 · Software: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html · Reference:...

AI score 7.4
Exploits 0

Packet Storm · added 2022/05/09 12:00 a.m. · 219 views

School Dormitory Management 1.0 SQL Injection

Title: School Dormitory Management 1.0 SQLi · Author: nu11secur1ty · Date: 05.09.2022 · Vendor: https://www.sourcecodester.com/users/tips23 · Software: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html · Reference:...

AI score 0.5
Exploits 0

0day.today · added 2022/05/09 12:00 a.m. · 185 views

School Dormitory Management System 1.0 SQL Injection Vulnerability

Title: School Dormitory Management 1.0 SQLi · Author: nu11secur1ty · Vendor: https://www.sourcecodester.com/users/tips23 · Software: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html · Reference:...

AI score 0.3
Exploits 0