68 matches found
GoDoxy has a Path Traversal Vulnerability in its File API
Summary: The file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename), where ConfigBasePath = "config" (a relative path). No sanitization or validation is applied beyond checking that...
Exposure of Private Personal Information to an Unauthorized Actor
Overview: Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the /revisions endpoint, which exposes the full revision history of deleted content to unauthenticated attackers. Remediation: Upgrade...
EUVD-2025-200301
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
CVE-2025-65877
Lvzhou CMS prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 is vulnerable to SQL injection via the title parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The input is concatenated into a dynamic SQL query without sanitization or prepared statements, enabling reading of se...
PT-2025-48773
Name of the Vulnerable Software and Affected Versions: Lvzhou CMS versions prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22). Description: The software contains a SQL injection flaw due to unsanitized input. Specifically, the title parameter within the...
Lvzhou CMS Security Vulnerability
Lvzhou CMS (Oasis CMS) is a content management system by the individual developer wanliofficial. A security vulnerability exists in Lvzhou CMS (Oasis CMS): the title parameter of ContentService is spliced directly into SQL queries without filtering, which may lead to SQL injection attacks...
EUVD-2001-0612
Malware in sbrugna...
EUVD-2003-1122
Malware in sbrugna...
EUVD-2002-0784
Malware in sbrugna...
EUVD-2001-0613
Malware in sbrugna...
EUVD-2023-25472
Malicious code in bioql PyPI...
Malicious code in mydealer-content-service (npm)
Source: ghsa-malware (9da35bc1c296ca992821d1f1281d06c374f7f4c286a9fabd69faec84e55cb902). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6181 Malicious code in mydealer-content-service (npm)
Source: ghsa-malware (9da35bc1c296ca992821d1f1281d06c374f7f4c286a9fabd69faec84e55cb902). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-6870
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the argument img leads to unrestricted upload. The attack may be launched...
CVE-2023-21304
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20298
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Description of the security update for SharePoint Server 2019: December 10, 2024 (KB5002657)
Description of the security update for SharePoint Server 2019: December 10, 2024 (KB5002657). Summary: This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint elevation of privilege vulnerability, Microsoft SharePoint information disclosure...
Description of the security update for SharePoint Server 2019 Language Pack: December 10, 2024 (KB5002664)
Description of the security update for SharePoint Server 2019 Language Pack: December 10, 2024 (KB5002664). Summary: This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint elevation of privilege vulnerability, and Microsoft SharePoint informatio...