
8 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-2101

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00214
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-2100

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00094
Exploits 0 | References 2

RedhatCVE
added 2025/02/15 1:19 p.m. | 6 views

CVE-2025-1271

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...

CVSS 6.1 | AI score 6 | EPSS 0.00214
Exploits 0 | References 3

RedhatCVE
added 2025/02/15 1:19 p.m. | 1 views

CVE-2025-1270

Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/ha_datos_hermano.php” endpoint to refer to another user. In addition, the...

CVSS 9.1 | AI score 6.4 | EPSS 0.00094
Exploits 0 | References 3

NVD
added 2025/02/13 1:15 p.m. | 11 views

CVE-2025-1270

Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/ha_datos_hermano.php” endpoint to refer to another user. In addition, the...

CVSS 9.1 | EPSS 0.00094
Exploits 0 | References 1

NVD
added 2025/02/13 1:15 p.m. | 9 views

CVE-2025-1271

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...

CVSS 6.1 | EPSS 0.00214
Exploits 0 | References 1

CVE
added 2025/02/13 12:49 p.m. | 54 views

CVE-2025-1271

CVE-2025-1271: Reflected XSS in Anapi Group's h6web. A malicious URL can trigger JavaScript in the user’s browser, potentially stealing data or allowing unauthorized actions. CVSSv3.1 base score 6.1 (Network, Low/Moderate impact; user interaction required; changed scope). Connected sources provid...

CVSS 6.1 | AI score 6.1 | EPSS 0.00214
Exploits 0 | References 1 | Affected Software 1

CVE
added 2025/02/13 12:48 p.m. | 54 views

CVE-2025-1270

CVE-2025-1270 describes an IDOR vulnerability in Anapi Group’s h6web. An authenticated attacker can access other users’ information by sending a POST to /h6web/ha_datos_hermano.php and altering the pkrelated parameter to reference a different user, with the first request potentially enabling impe...

CVSS 9.1 | AI score 6.5 | EPSS 0.00094
Exploits 0 | References 1 | Affected Software 1