EUVD-2021-27892

Malicious code in bioql PyPI...

EUVD-2022-2445

Malicious code in bioql PyPI...

EUVD-2023-53715

Malicious code in bioql PyPI...

EUVD-2022-6287

Malicious code in bioql PyPI...

EUVD-2024-27297

Malicious code in bioql PyPI...

EUVD-2025-15093

Malicious code in bioql PyPI...

CVE-2025-8530 elunez eladmin Druid application-prod.yml default credentials

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument...

CVE-2025-8512

A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to improper export of android application...

CVE-2025-7346

CVE-2025-7346 affects pyload’s web UI (cnl_blueprint.py) where a local_check middleware validates requests based on REMOTE_ADDR and Host header. An unauthenticated attacker can bypass localhost restrictions by setting Host to 127.0.0.1:9666 or localhost variants, enabling actions like adding arbi...

CVE-2025-53099 Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a...

PT-2025-27554 · Sentry · Sentry

Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 25.5.0 Description: The issue allows an attacker with a malicious OAuth application registered with Sentry to take advantage of a race condition and improper handling of authorization code within Sentry, maintaining...

CVE-2024-26276

A vulnerability has been identified in JT2Go All versions V2312.0004, Parasolid V35.1 All versions V35.1.254, Parasolid V36.0 All versions V36.0.207, Parasolid V36.1 All versions V36.1.147, Teamcenter Visualization V14.2 All versions V14.2.0.12, Teamcenter Visualization V14.3 All versions...

CVE-2023-41720

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure ICS appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated executio...

CVE-2020-1812

HUAWEI P30 smartphones with versions earlier than 10.0.0.173C00E73R1P11 have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit...

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

CVE-2019-5228

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193C00E190R1P21, Versions earlier than VOGUE-AL00A 9.1.0.193C00E190R1P12, Versions earlier than Princeton-AL10B 9.1.0.233C00E233R4P3 have a race condition vulnerability. The system does not...

CVE-2019-13932

A vulnerability has been identified in XHQ All versions V6.0.0.2. The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack cou...

CVE-2018-17022

Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.38432738 allows remote attackers to cause a denial of service device crash or possibly have unspecified other impact by setting a long shpath0 value and then sending an appGet.cgi?hook=selectlist"StoragexSharedPath" request,...

Feng Office 3.11.1.2 - SQL Injection

Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...

Webmin Usermin 2.100 - Username Enumeration

Exploit Title: Webmin Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...