
274 matches found

NVD
added 2025/11/17 8:15 p.m., 6 views

CVE-2025-13299

A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...

9.8 CVSS, 0.00339 EPSS
Exploits: 1, References: 5

Cvelist
added 2025/11/17 8:2 p.m., 10 views

CVE-2025-13299 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...

7.5 CVSS, 0.00339 EPSS
Exploits: 1, References: 5

NVD
added 2025/11/17 6:15 p.m., 2 views

CVE-2025-13297

A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been...

9.8 CVSS, 0.00339 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/11/17 6:2 p.m., 4 views

CVE-2025-13297 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been...

7.5 CVSS, 7.3 AI score, 0.00339 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/11/17 12:0 a.m., 2 views

PT-2025-47206

Name of the Vulnerable Software and Affected Versions: itsourcecode Web-Based Internet Laboratory Management System version 1.0 Description: A flaw exists in itsourcecode Web-Based Internet Laboratory Management System version 1.0 that allows for SQL injection. The issue is located in an unknown...

7.5 CVSS, 7.1 AI score, 0.00339 EPSS
Exploits: 1, References: 7

Positive Technologies
added 2025/11/17 12:0 a.m., 4 views

PT-2025-47203

Name of the Vulnerable Software and Affected Versions: itsourcecode Web-Based Internet Laboratory Management System version 1.0 Description: A flaw exists in itsourcecode Web-Based Internet Laboratory Management System 1.0. The issue impacts an unknown function within the /user/controller.php file...

7.5 CVSS, 6.8 AI score, 0.00339 EPSS
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-29149

Malicious code in bioql PyPI...

9.8 CVSS, 7.5 AI score, 0.00455 EPSS
Exploits: 1, References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-24137

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00275 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-28395

Malicious code in bioql PyPI...

9.8 CVSS, 7.5 AI score, 0.00441 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2025/09/15 4:2 a.m., 1 view

CVE-2025-10425 1000projects Online Student Project Report Submission and Evaluation System student_controller.php unrestricted upload

A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument newimage leads to unrestricted upload. The attack m...

7.5 CVSS, 7.1 AI score, 0.00455 EPSS
Exploits: 1, References: 5

NVD
added 2025/09/03 3:15 p.m., 5 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

4.3 CVSS, 0.00288 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/09/03 3:2 p.m., 5 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

6.2 AI score, 0.00288 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/09/03 12:0 a.m., 4 views

PT-2025-35780

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.3.2 and earlier Description: The Git URL field form validation responses differ based on whether the specified file path exists on the Jenkins controller when using the amazon-s3 protocol with JGit. This...

4.3 CVSS, 6.3 AI score, 0.00288 EPSS
Exploits: 0, References: 9

Vulnrichment
added 2025/08/10 2:32 p.m., 3 views

CVE-2025-8813 atjiu pybbs IndexController.java changeLanguage redirect

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attac...

5.1 CVSS, 7.1 AI score, 0.00274 EPSS
Exploits: 1, References: 7

Snyk
added 2025/07/09 4:48 p.m., 2 views

Credential Exposure

Overview: Affected versions of this package are vulnerable to Credential Exposure in the storage of the Xooa Deployment Token in the global configuration file on the Jenkins controller. An attacker can gain unauthorized access to sensitive credentials by obtaining access to the Jenkins controller...

6.8 CVSS, 7 AI score, 0.00196 EPSS
Exploits: 0, References: 2

Snyk
added 2025/07/09 4:47 p.m., 4 views

Insecure Storage of Sensitive Information

Overview: Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information in the storage of the JWT token in the global configuration file on the controller. An attacker can access sensitive authentication credentials by obtaining access to the controller file system...

6.8 CVSS, 7 AI score, 0.00196 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/06/27 12:0 a.m., 3 views

openvpn-cms-flask path traversal vulnerability

openvpn-cms-flask is a web management system based on openvpn, developed by xiaoyunjie, an individual developer in China. A path traversal vulnerability exists in openvpn-cms-flask 1.2.7 and earlier versions, which is caused by a path traversal error in the parameter image in the file...

9.8 CVSS, 7.3 AI score, 0.00616 EPSS
Exploits: 1, References: 6

OSV
added 2025/06/17 2:31 p.m., 3 views

EEF-CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Summary: Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...

2.3 CVSS, 5.8 AI score, 0.00402 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/05/23 9:5 a.m., 3 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

4.3 CVSS, 6.8 AI score, 0.00831 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/05/15 12:0 a.m., 2 views

Atheos security vulnerability

Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A security vulnerability exists in Atheos versions prior to v602, which stems from the $target parameter in /controller.php not being properly validated, which could lead to the execution of arbitrary files via path travers...

9.4 CVSS, 6.9 AI score, 0.00414 EPSS
Exploits: 0, References: 2