40 matches found
EUVD-2016-3435
Malware in sbrugna...
EUVD-2008-1735
Malware in sbrugna...
EUVD-2022-34305
Malicious code in bioql PyPI...
EUVD-2024-47198
Malicious code in bioql PyPI...
pds_core: remove write-after-free of client_id
...
CVE-2025-6134
Projectworlds Life Insurance Management System 1.0 contains a SQL injection vulnerability in /insertClient.php, caused by manipulation of the client_id parameter. Remote exploitation is possible, and public disclosures exist. Other parameters may be affected. Connected sources note a remediation ...
The vulnerability of the aysavegoogle_credentials() function in the Quiz Maker plugin of the WordPress content management system allows a hacker to gain unauthorized access to protected information and perform cross-site scripting attacks.
The vulnerability of the aysavegooglecredentials function in the Quiz Maker plugin of the WordPress content management system is related to deficiencies in the authentication process when processing the client_id parameter. Exploiting this vulnerability could allow an attacker, operating remotely,...
CVE-2025-37916
CVE-2025-37916 concerns the Linux kernel pds_core component. The issue is a use-after-free caused by a write-after-free of client_id in pdsc_auxbus_dev_del during stress testing, leading to a KFENCE reported bug chain. The fix removes the offending write-after-free by eliminating the client_id cl...
CVE-2025-37916 pds_core: remove write-after-free of client_id
In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: Mon Apr 21 21:21:33 2025 BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 pds_core Mon Apr 21 21:21:33 2025...
CVE-2024-11302
A missing check_access function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized...
CVE-2025-2062
A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to SQL injection. It is possible to launch the attack remotely. The exploit h...
CVE-2024-6040
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settin...
CVE-2024-6040
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settin...
CVE-2024-6040
CVE-2024-6040 affects parisneo/lollms-webui v9.8 where lollms_binding_infos lacks the client_id parameter. The endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settings are vulnerable to CSRF and local attacks, ...
CVE-2024-6040 Missing client_id in parisneo/lollms-webui
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settin...
CVE-2024-6040 Missing client_id in parisneo/lollms-webui
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settin...
CVE-2024-36597
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php...
CVE-2024-36597
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php...
Aegon Life SQL Injection Vulnerability
Aegon Life is an application from Aegon Life. A SQL injection vulnerability exists in Aegon Life v1.0, which originates from a SQL injection vulnerability in the client_id parameter in clientStatus.php...
CVE-2024-36597
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php...