Positive Technologies
added 2026/04/20 12:00 a.m.

PT-2026-33757

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool call of the file apps/experimental/tools webhook/app.py of the component tools webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be...

CVSS 7.5 | AI score 6.5 | EPSS 0.00033
Exploits: 0 | References: 5
NVD
added 2026/01/07 12:17 p.m.

CVE-2026-0642

A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and...

CVSS 6.1 | EPSS 0.00059
Exploits: 1 | References: 5
OSV
added 2025/12/16 11:15 p.m.

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...

CVSS 6.7 | AI score 6.2
Exploits: 0 | References: 2
OSV
added 2025/10/16 7:15 p.m.

CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

CVSS 8.1 | AI score 6
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2024-32655

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00062
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2024-21035

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00384
Exploits: 0 | References: 1
CVE
added 2025/07/15 12:07 a.m.

CVE-2025-53891

The CVE-2025-53891 entry affects the TIME LINE website (repository: timelineofficial/Time-Line-) where uploaded files (instruction/media) are not strictly validated for type/size. The root cause is insufficient validation, allowing renamed or oversized files that can cause malicious file uploads,...

CVSS 4.3 | AI score 6.9 | EPSS 0.00466
Exploits: 0 | References: 1
OSV
added 2025/06/24 3:15 p.m.

CVE-2025-6567

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/viewapplication.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated...

CVSS 9.8 | AI score 5.8 | EPSS 0.00204
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/22 5:59 a.m.

CVE-2017-6511

andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...

CVSS 6.1 | AI score 6 | EPSS 0.0024
Exploits: 1 | References: 1
NVD
added 2025/04/15 5:15 p.m.

CVE-2025-32779

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability...

CVSS 6.5 | EPSS 0.05681
Exploits: 0 | References: 3
OSV
added 2025/04/15 4:32 p.m.

CVE-2025-32779 labsai/eddi Vulnerable to Path Traversal (Zip Slip) in ZIP Import Function

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability...

CVSS 6.5 | AI score 7.4 | EPSS 0.05681
Exploits: 0 | References: 5
Snyk
added 2025/03/20 10:48 a.m.

Cross-site Request Forgery (CSRF)

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to overly permissive CORS headers in app.py. Remediation There is no fixed version for agentscope. References - Vulnerability...

CVSS 8.8 | AI score 7 | EPSS 0.00116
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/08 4:41 a.m.

CVE-2025-24971

DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, /upload/init endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely wh...

CVSS 9.5 | AI score 8 | EPSS 0.10259
Exploits: 0 | References: 1
NVD
added 2024/11/11 8:15 p.m.

CVE-2024-51485

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...

CVSS 8.1 | EPSS 0.00181
Exploits: 1 | References: 1
CNNVD
added 2024/04/24 12:00 a.m.

Simple Subscription Website SQL Injection Vulnerability

Simple Subscription Website is an open source, web-based simple subscription application by Carlo Montero Personal Developer. It is used to provide companies with possible members to apply for plans that offer certain services. A SQL injection vulnerability exists in Simple Subscription Website...

CVSS 8.8 | AI score 8 | EPSS 0.00062
Exploits: 1 | References: 5
OSV
added 2024/03/22 12:15 a.m.

CVE-2024-2777

A vulnerability has been found in Campcodes/PHPGurukul Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 1 | References: 4
NVD
added 2024/03/12 4:15 p.m.

CVE-2024-1302

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...

CVSS 7.3 | AI score 6.8 | EPSS 0.00296
Exploits: 0 | References: 1
Prion
added 2024/02/29 1:44 a.m.

Design/Logic Flaw

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

CVSS 2.1 | AI score 6.8 | EPSS 0.00276
Exploits: 0 | References: 3
CNNVD
added 2023/11/23 12:00 a.m.

BVRP Software Avanquest Software SLmail Security Breach

BVRP Software Avanquest Software SLmail BVRP Software SLmail is an e-mail server solution from BVRP Software, France. A security vulnerability exists in BVRP Software Avanquest Software SLmail version 5.5.0.4433, which originates from the ability to retrieve credentials files, configuration files...

CVSS 7.5 | AI score 6.7 | EPSS 0.00084
Exploits: 0 | References: 2
OSV
added 2022/11/12 5:15 a.m.

UBUNTU-CVE-2022-45188

Netatalk through 3.1.13 has an afpgetappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD used for TrueNAS...

CVSS 7.8 | AI score 7.6 | EPSS 0.00064
Exploits: 1 | References: 8