31 matches found
CVE-2026-56347
AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...
vLLM code injection vulnerability
vLLM is an open source, high-throughput and memory-efficient inference and serving engine for LLMs. A code injection vulnerability exists in vLLM versions prior to 0.11.1 that stems from the presence of a remote code execution vector in the NemotronNanoVLConfig configuration class, which could...
EUVD-2008-2359
Malware in sbrugna...
EUVD-2021-2594
Malware in sbrugna...
EUVD-2024-0913
Malicious code in bioql PyPI...
EUVD-2024-50260
Malicious code in bioql PyPI...
RHEL 8 : kpatch-patch-4_18_0-553_16_1, kpatch-patch-4_18_0-553_30_1, kpatch-patch-4_18_0-553_40_1, kpatch-patch-4_18_0-553_53_1, and kpatch-patch-4_18_0-553_72_1 (RHSA-2025:16582)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16582 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...
The vulnerability of the XWiki.SearchSuggestSourceClass class in the XWiki platform, a collaborative web application platform. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the XWiki.SearchSuggestSourceClass in the XWiki platform is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
CVE-2019-19849
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...
Laundry Management System authorization issue vulnerability
Laundry Management System is a laundry management system. An authorization issue vulnerability exists in Online Laundry Management System version 1.0, which stems from an improper authorization vulnerability in the adminclass.php file...
CodeIgniter security vulnerability
CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter v4.4.7 and earlier versions, which stems from a security issue contained in the Language class, and can be exploited by an attacker to consume large amounts of server memory...
Moderate: python-mako security update
Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: REDoS in Lexer class (CVE-2022-40023). For more details about the security issues, including the impact, a CVSS score, acknowledgment...
Faculty Evaluation System SQL injection vulnerability
Faculty Evaluation System is a faculty evaluation system by the individual developer Carlo Montero. A SQL injection vulnerability exists in Faculty Evaluation System version 1.0, which stems from an SQL injection issue in the id parameter of ajax.php?action=deleteclass...
Video Sharing Website SQL injection vulnerability
Video Sharing Website is a video sharing website. A SQL injection vulnerability exists in Campcodes Video Sharing Website version 1.0, which stems from a problem with the file adminclass.php, where manipulation of the parameter email can lead to SQL injection...
Automatic Question Paper Generator System SQL injection vulnerability
Automatic Question Paper Generator System is an automatic question paper generator system by the individual developer Carlo Montero. A SQL injection vulnerability exists in SourceCodester Automatic Question Paper Generator System version 1.0, which is caused by unknown code in admin/courses/viewclass.p...
Path traversal
"Sametime Android potential path traversal vulnerability when using File class"...
CVE-2021-43697
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')], so there is an XSS vulnerability...
Ubuntu 16.04 ESM : Python vulnerabilities (USN-5083-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5083-1 advisory. It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only...
Denial of Service (DoS)
Overview: BinData is a declarative way to read and write binary file formats. This means the programmer specifies what the format of the binary data is, and BinData works out how to read and write data in this format. It is an easier and more readable alternative to Ruby's pack and...
Information disclosure
An information disclosure vulnerability was discovered in /index.class.php via port 8181 on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system...