10 matches found
EUVD-2025-31710
Malicious code in bioql PyPI...
EUVD-2025-31709
Malicious code in bioql PyPI...
CVE-2025-8122
Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability...
CVE-2025-8120
Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution.This issue affects all 3 templates: www, b...
CVE-2025-7063
Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, b...
CVE-2025-8118 Bruteforce Protection Bypass in PAD CMS
PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...
CVE-2025-8118
Technical details for CVE-2025-8118 are not publicly available in the provided documents; no affected product/version or fix is described here. Monitor for updates.
CVE-2025-7063 Remote Code Execution via Unrestricted File Upload in PAD CMS
Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, b...
PT-2025-39971
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The issue involves improper neutralization of input provided by an authorized user in the article positioning functionality, leading to Blind SQL Injection...
PT-2023-12956 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Administration of Measurements website section, where a malicious user can edit or add the templateName parameter to include JavaScript code. This code is then stored and...