49 matches found
FunAdmin Authorization Vulnerability
FunAdmin is an open-source backend development system built with ThinkPHP6 and Layui. FunAdmin versions 7.1.0-rc4 and earlier have authorization-related vulnerabilities. These vulnerabilities stem from incorrect operations on the setConfig function in the Configuration Handler component...
CVE-2025-14730
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...
CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...
PT-2025-51320
Name of the Vulnerable Software and Affected Versions: CTCMS Content Management System versions up to 2.1.2 Description: A security flaw exists in CTCMS Content Management System. The issue resides in an unknown function within the /ctcms/libs/Ct Config.php library of the Backend System Configurati...
EUVD-2018-19751
Malware in sbrugna...
EUVD-2025-10979
Malicious code in bioql PyPI...
EUVD-2023-36150
Malicious code in bioql PyPI...
CVE-2023-33517
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System)...
CVE-2025-29280
A stored cross-site scripting vulnerability in PerfreeBlog v4.0.11, in the website name field of the backend system settings interface, allows an attacker to insert and execute arbitrary malicious code...
PT-2025-16341 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: A stored cross-site scripting vulnerability exists in the website name field of the backend system settings interface, allowing an attacker to insert and execute arbitrary malicious code. Recommendation...
CVE-2025-29280
CVE-2025-29280 is a stored cross-site scripting vulnerability in PerfreeBlog v4.0.11, occurring in the website name field of the backend system settings interface. The issue allows an attacker to insert and execute arbitrary malicious code. The CVSS 3.1 base metrics indicate a Medium severity (4....
RuoYi Security Vulnerability
RuoYi is a backend management system developed by RuoYi, an individual developer in China. A security vulnerability exists in RuoYi v4.8.0, which can be exploited by a remote attacker to elevate privileges via the jobId parameter...
GFast Security Vulnerability
GFast is a backend management system based on GF (Go Frame), developed by tiger1103. A security vulnerability exists in GFast v2 to v3.2, which originates from a SQL injection in the OrderBy parameter of /system/operLog/list...
sssd bug fix update
An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The System Security Services Daemon (SSSD) service provides a set of daemons to...
RuoYi SQL Injection Vulnerability
RuoYi is a backend management system developed by RuoYi, an individual developer in China. A SQL injection vulnerability exists in RuoYi 4.7.7 and earlier versions. The vulnerability stems from improperly filtered SQL statements, resulting in SQL injection and DoS attacks...
PT-2023-3469 · Unknown · Omicard Edm +1
Name of the Vulnerable Software and Affected Versions: OMICARD EDM ITPison (affected versions not specified); OMICARD EDM (affected versions not specified). Description: The issue is related to the file uploading function in the OMICARD EDM backend system, which does not restrict the upload of files wi...
distribution catalog API endpoint can lead to OOM via malicious user input
Impact: Systems that run distribution built after a specific commit, running on memory-restricted environments, can suffer from denial of service by a crafted malicious /v2/catalog API endpoint request. Patches: Upgrade to at least 2.8.2-beta.1 if you are running a v2.8.x release. If you use the code...
X-Man SQL Injection Vulnerability
X-Man is a backend system based on the ThinkPHP framework, developed by the individual developer S1xGod. A security vulnerability exists in X-Man version 1.0. An attacker can exploit the vulnerability to perform SQL injection attacks...