101 matches found
EUVD-2024-33954
Malicious code in bioql PyPI...
EUVD-2024-16082
Malicious code in bioql PyPI...
EUVD-2024-39271
Malicious code in bioql PyPI...
EUVD-2025-19327
Malicious code in bioql PyPI...
CVE-2025-10764
A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...
CVE-2025-9052
Summary: CVE-2025-9052 affects projectworlds Travel Management System 1.0. A vulnerability exists in the /updatepackage.php file where manipulating the s1 parameter enables SQL injection. The issue is exploitable remotely, and public exploitation information is available. Multiple connected sourc...
PT-2025-31910 · Unknown · Atjiu Pybbs
Name of the Vulnerable Software and Affected Versions: atjiu pybbs versions up to 6.0.0 Description: A critical issue exists in atjiu pybbs up to version 6.0.0 related to weak password requirements in the update function of the file...
CVE-2025-7861 code-projects Church Donation System search.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...
XXL-JOB is vulnerable to SSRF attacks
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch...
CVE-2025-7601
A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/student-history.php. The manipulation of the argument stdid leads to cross site scripting. The attack can be initiated...
CVE-2025-7095 Comodo Internet Security Premium Update certificate validation
A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an atta...
CVE-2025-25264
An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system...
CVE-2025-0480
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2024-3253
A vulnerability classified as critical was found in SourceCodester Internship Portal Management System 1.0. This vulnerability affects unknown code of the file admin/addadmin.php. The manipulation of the argument name/username/password leads to sql injection. The attack can be initiated remotely...
CVE-2023-20185
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the cipher...
CVE-2022-4599
A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross...
CVE-2022-45482
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
CVE-2019-10071
The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's...
CVE-2025-4838 kanwangzjm Funiture Login LoginServlet.java doPost redirect
A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of t...