EUVD-2023-29589
Malicious code in bioql PyPI...
CVE-2021-35955
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7...
CVE-2024-8489
CVSS 8.8 (HIGH) — CVE-2024-8489: CSRF in modelscope/agentscope, specifically the AgentScope Studio backend server. The issue stems from overly permissive CORS headers, allowing CSRF to access all backend endpoints, including the api/file endpoint for reading arbitrary files on the target’s local ...
CVE-2025-2352
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may...
CVE-2024-35375
There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS...
Command execution vulnerability in the backend of the Guojiz international web site navigation system (CNVD-2021-12801)
Guojiz International Website Navigation System is developed with ThinkPHP 5.0, PHP 7.0, MySQL and Apache/Nginx/IIS, and is a CMS program suitable for small and medium-sized webmasters to build websites. The Guojiz International Website Navigation System has a back-end command execution vulnerability; an attacker can use...