14 matches found
CVE-2025-15394
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...
CVE-2025-15394 iCMS POST Parameter ConfigAdmincp.php save code injection
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...
EUVD-2025-4796
Malicious code in bioql PyPI...
EUVD-2025-4793
Malicious code in bioql PyPI...
CVE-2025-8211
A vulnerability was found in Roothub up to 2.6. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java. The manipulation leads to cross-site scripting. The attack can be launched...
CVE-2024-51505
An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role Config Admin could leverage a race condition to escalate privileges...
CVE-2024-51505
An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role Config Admin could leverage a race condition to escalate privileges...
CVE-2024-39328
Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role Config Admin could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability are not at risk...
CVE-2024-51505
CVE-2024-51505 (Atos Eviden IDRA) affects IDRA prior to version 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges, potentially affecting confidentiality and integrity. Related Red Hat entries describe insecure permissions for the same product famil...
CVE-2024-51505
An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role Config Admin could leverage a race condition to escalate privileges...
CVE-2024-39328
Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role Config Admin could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability are not at risk...
CVE-2023-6904
A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument adminname leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the...
NxFilter Cross-Site Request Forgery Vulnerability
NxFilter is a lightweight DNS filter from NxFilter, Inc. A cross-site request forgery vulnerability exists in NxFilter version 4.3.2.5, which stems from the parameter adminname in the file /config,admin.jsp that can lead to cross-site request forgery...
PT-2023-32813 · Jahastech · Nxfilter
Name of the Vulnerable Software and Affected Versions: Jahastech NxFilter version 4.3.2.5
Description: A problematic vulnerability was found in Jahastech NxFilter, affecting the file /config,admin.jsp. The manipulation of the admin name argument leads to cross-site request forgery. The attack can...