33 matches found
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with their username to bypass authentication...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
EUVD-2023-30572
Malicious code in bioql PyPI...
EUVD-2023-30573
Malicious code in bioql PyPI...
EUVD-2023-29357
Malicious code in bioql PyPI...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization, which can lead to remote code execution (RCE)...
CVE-2023-26780
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection...
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with their username to bypass authentication...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization, which can lead to remote code execution (RCE)...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization, which can lead to remote code execution (RCE)...
CVE-2023-25402
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
Deserialization of untrusted data
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization, which can lead to remote code execution (RCE)...
Authentication flaw
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with their username to bypass authentication...
Unrestricted file upload
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload...
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with their username to bypass authentication...
yf-exam code issue vulnerability
yf-exam CloudFan Training Exam System is a training exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the lack of restriction on the suffix of uploaded files, resulting in an arbitrary file upload...
yf-exam code issue vulnerability
yf-exam CloudFan Training and Exam System is a training and exam system for CleverStupidDog individual developers. A security vulnerability exists in CleverStupidDog yf-exam version 1.8.0, which stems from the presence of a deserialization vulnerability that can be exploited by an attacker to cau...
CVE-2023-26779
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization, which can lead to remote code execution (RCE)...
CVE-2023-25403
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with their username to bypass authentication...