27 matches found
EUVD-2025-10508
Malicious code in bioql PyPI...
EUVD-2024-53451
Malicious code in bioql PyPI...
EUVD-2025-10697
Malicious code in bioql PyPI...
CVE-2024-56924
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...
CVE-2025-29015
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pagesaccount.php...
PT-2025-16961 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: The issue concerns Cross Site Scripting (XSS) via the name parameter in the "/admin/pages account.php" API endpoint. This allows for potential malicious script injection. No...
CVE-2025-29017
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php...
CVE-2025-29018
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0...
PT-2025-15988 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Remote Code Execution (RCE) vulnerability exists due to improper file upload validation in the profile_pic parameter within pages_view_client.php. Recommendations: Code Astro...
CVE-2025-29017
Code Astro Internet Banking System 2.0.0 is reported vulnerable via the profile_pic parameter in pages_view_client.php due to improper file upload validation, allowing an attacker to upload a malicious PHP file and achieve Remote Code Execution (RCE). The linked exploit/documentation describes by...
PT-2025-15868 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Stored Cross-Site Scripting (XSS) issue exists in the name parameter of pages_add_acc_type.php in the Code Astro Internet Banking System. This allows for malicious script execution...
CVE-2025-29018
CVE-2025-29018 affects Code Astro Internet Banking System 2.0.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the name parameter of pages_add_acc_type.php. Core details: vulnerable component is the PHP page handler and the issue arises from unsanitized/reflective input in the name ...