849 matches found
EUVD-2022-49806
Malicious code in bioql PyPI...
EUVD-2023-35075
Malicious code in bioql PyPI...
EUVD-2023-48481
Malicious code in bioql PyPI...
EUVD-2021-32624
Malicious code in bioql PyPI...
EUVD-2024-1192
Malicious code in bioql PyPI...
EUVD-2023-35354
Malicious code in bioql PyPI...
EUVD-2023-43015
Malicious code in bioql PyPI...
EUVD-2021-27865
Malicious code in bioql PyPI...
EUVD-2021-27864
Malicious code in bioql PyPI...
PT-2025-36734
Name of the Vulnerable Software and Affected Versions: APTIOV affected versions not specified Description: APTIOV contains vulnerabilities in the BIOS that could allow a privileged user to cause a “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” throug...
AMI AptioV security vulnerability
AMI AptioV is a firmware-related editor from AMI USA. A security vulnerability exists in AMI AptioV through which a privileged user in the BIOS could write arbitrary data and disclose sensitive information, which could lead to information disclosure and arbitrary data...
CVE-2024-13979
A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...
CVE-2025-52085
An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...
PT-2025-34475 · Yoosee · Yoosee
Name of the Vulnerable Software and Affected Versions: Yoosee version 6.32.4 Description: An SQL injection flaw exists in the Yoosee application that allows authenticated users to inject arbitrary SQL queries through a request to a backend API endpoint. Successful exploitation can lead to the...
CVE-2025-5296
Schneider Electric SESU (Software Update) contains CWE-59: Improper Link Resolution Before File Access ('Link Following'). A low-privileged attacker who tampers with the installation folder could cause arbitrary data to be written to protected locations, potentially enabling privilege escalation,...
CVE-2025-5296
CWE-59: Improper Link Resolution Before File Access 'Link Following' vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent...
GO-2025-3807 Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points in github.com/edgelesssys/contrast...
VulnCheck KEV: CVE-2025-35939
Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with...
Server Side Request Forgery (SSRF)
dotnetnuke.siteexportimport is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient validation where the SuperUser can specify an external URL during site export, which allows an attacker to import arbitrary data from external sources into the system...