202 matches found
EUVD-2023-35287
Malicious code in bioql PyPI...
EUVD-2024-51091
Malicious code in bioql PyPI...
EUVD-2023-1677
Malicious code in bioql PyPI...
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
CVE-2025-57733
JetBrains TeamCity prior to 2025.07.1 is vulnerable to a sMTP injection that can modify email content. The CVE-2025-57733 entry is corroborated by multiple connected sources, including Red Hat advisory and PT Security, which list TeamCity
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
CVE-2025-5417
An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container...
electron ASAR Integrity bypass by just modifying the content
electron's ASAR Integrity can be bypass by modifying the content. Impact This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macO...
Restaurant Table Booking System /admin/add-table.php File Cross-Site Scripting Vulnerability
Restaurant Table Booking System is a restaurant table reservation system. The Restaurant Table Booking System suffers from a cross-site scripting vulnerability that stems from improper handling of the parameter tableno in the file /admin/add-table.php. An attacker could use this vulnerability to...
CVE-2024-6012
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, wit...
CVE-2023-30949
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...
CVE-2023-29207
XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...
CVE-2021-37413
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...
CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the ebwriteblockcss AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...
CVE-2019-13931
A vulnerability has been identified in XHQ All versions V6.0.0.2. The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be...
CVE-2013-5594
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding...
CVE-2013-2123
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attacke...
CVE-2025-2572
In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup...