CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

EUVD-2025-1714

Malicious code in bioql PyPI...

EUVD-2023-23338

Malicious code in bioql PyPI...

EUVD-2025-8867

Malicious code in bioql PyPI...

EUVD-2025-14099

Malicious code in bioql PyPI...

EUVD-2025-25887

Malicious code in bioql PyPI...

EUVD-2025-13333

Malicious code in bioql PyPI...

EUVD-2023-58876

Malicious code in bioql PyPI...

EUVD-2024-48615

Malicious code in bioql PyPI...

EUVD-2024-51424

Malicious code in bioql PyPI...

EUVD-2023-59239

Malicious code in bioql PyPI...

CVE-2025-9397

CVE-2025-9397 affects givanz Vvveb up to 1.0.7.2. The flaw resides in /system/traits/media.php, where manipulating the files[] argument can cause unrestricted file uploads. This enables remote exploitation with publicly available exploits. A patch is advised; the code maintainer indicates a fix a...

Linux Distros Unpatched Vulnerability : CVE-2025-8586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ffseekframebinary of the file /libavformat/utils....

CVE-2025-9097

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cicprod.bad. The manipulation leads to improper export of android application...

CVE-2025-8758 TRENDnet TEW-822DRE vsftpd least privilege violation

A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The...

CVE-2025-8248

A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

CVE-2025-7585

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /admin/manage-site.php. The manipulation of the argument webtitle leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-7069

CVE-2025-7069 affects HDF5 1.14.6. The vulnerability is a heap-based buffer overflow in the function H5FS__sect_link_size (src/H5FSsection.c) caused by improper input size validation. It enables a local attacker to trigger exploitation on the host. The exploit has been disclosed publicly. No patc...

CVE-2025-6857 HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow

A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5Gnodecmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

CVE-2025-6846 code-projects Simple Forum forum_viewfile.php sql injection

A vulnerability classified as critical has been found in code-projects Simple Forum 1.0. This affects an unknown part of the file /forumviewfile.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...