34 matches found
EUVD-2025-12638
Malicious code in bioql PyPI...
EUVD-2025-12629
Malicious code in bioql PyPI...
EUVD-2025-12643
Malicious code in bioql PyPI...
EUVD-2025-12640
Malicious code in bioql PyPI...
CVE-2025-40615
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
CVE-2025-40616
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40617
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...
CVE-2025-40618
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40619 Improper access control vulnerability in Bookgy
Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles...
CVE-2025-40618 SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40618
The CVE-2025-40618 entry describes an SQL injection in Bookgy, exploitable via the IDRESERVA parameter in /bkg_imprimir_comprobante.php. Affected component: Bookgy web API endpoint; root cause: improper input handling allowing arbitrary SQL access. Implications shown in metrics: high impact on co...
CVE-2025-40617
CVE-2025-40617 is a SQL injection vulnerability in Bookgy. Reported impact includes the ability to retrieve, create, update, and delete databases via HTTP requests to /bkg_seleccionar_hora_ajax.php using the IDTIPO, IDPISTA, and IDSOCIO parameters. Affected product is Bookgy (no specific version ...
CVE-2025-40617 SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...