114 matches found
EUVD-2023-37846
Malicious code in bioql PyPI...
EUVD-2024-0229
Malicious code in bioql PyPI...
EUVD-2022-3172
Malicious code in bioql PyPI...
EUVD-2024-27307
Malicious code in bioql PyPI...
EUVD-2023-49092
Malicious code in bioql PyPI...
EUVD-2024-0690
Malicious code in bioql PyPI...
EUVD-2023-55779
Malicious code in bioql PyPI...
EUVD-2022-30158
Malicious code in bioql PyPI...
EUVD-2024-1277
Malicious code in bioql PyPI...
EUVD-2024-2606
Malicious code in bioql PyPI...
EUVD-2022-5858
Malicious code in bioql PyPI...
CVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...
Microweber XSS Vulnerability in the homepage Endpoint
Microweber CMS 2.0 is vulnerable to Cross Site Scripting XSS in the /projects/profile, homepage endpoint via the last name field...
CVE-2025-54137
The CVE-2025-54137 entry pertains to HAX CMS NodeJS. Affected versions are 11.0.9 and earlier, which were shipped with hardcoded default credentials for user and superuser accounts and default JWT private keys. Installation does not prompt for credential/secret changes, and there is no UI path to...
PT-2025-24646 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: The issue allows an attacker to view the contents of webroot/file by navigating to a non-existent file, potentially exposing sensitive information. Recommendations: At the moment...
CVE-2025-48953
Umbraco CMS (ASP.NET) has a file-upload bypass vulnerability: in versions 14.0.0 up to but not including 15.4.2 and 16.0.0, an API request can be manipulated to upload a file that doesn’t conform to the configured allowed extensions. The issue is fixed in 15.4.2 and 16.0.0. There are no publicly ...
CVE-2024-26349
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/deletetranslation.php...
CVE-2021-22951
Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...
CVE-2020-5513
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal...
CVE-2018-11679
An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability that can add an article via /index.php?case=table=add=archivedir=admin...