35 matches found
EUVD-2021-19534
Malware in sbrugna...
EUVD-2008-6727
Malware in sbrugna...
EUVD-2025-2888
Malicious code in bioql PyPI...
EUVD-2025-2890
Malicious code in bioql PyPI...
EUVD-2023-47507
Malicious code in bioql PyPI...
EUVD-2024-45833
Malicious code in bioql PyPI...
EUVD-2025-3089
Malicious code in bioql PyPI...
EUVD-2023-32453
Malicious code in bioql PyPI...
CVE-2025-26611 SQL Injection endpoint 'remover_produto.php' parameter 'id_produto' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, removerproduto.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized...
CVE-2025-23034
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the tags.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge...
CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...
CVE-2023-48396
CVE-2023-48396 concerns an authentication bypass in Apache SeaTunnel (v1.0.0). The underlying issue is a hardcoded JWT secret in the application, enabling an attacker to forge tokens and log in as any user. The secret key can be retrieved from the file path shown in the reports (seatunnel-app/src...
CVE-2023-37898 Safe mode Cross-site Scripting (XSS) vulnerability in Joplin
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting XSS vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. packages/renderer/MarkupToHtml.ts renders note content in safe mode by surrounding it with and , without escaping any...
CVE-2024-32482
The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the...
Design/Logic Flaw
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...
CVE-2023-43086
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation...
GHSA-G7VW-43XG-8M4H SQL injection in Liferay Portal
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
Softwarebuero Zauner ARC Licensing Issue Vulnerability
Softwarebuero Zauner ARC is an application. softwarebuero Zauner ARC version 4.2.0.4 is vulnerable to an authorization issue, which stems from the fact that all permission checks are done on the client side instead of the server side. An attacker could exploit the vulnerability to gain privileges...
Workspace App 1912.1000 - Workspace App Update removes user created shortcuts from Desktop
Consider the following scenario: Users have created shortcuts of published applications manually on their Desktop and have also pinned it to the task bar. When the Receiver is upgraded from 4.9.6001 to Workspace App for Windows 1912 or 2006, on the first launch of a published app, the shortcuts...