102 matches found
GHSA-M9HQ-H476-H2G8 Pyroscope Exposes Storage Secret
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
Pyroscope Exposes Storage Secret
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
Code-Projects Accounting System SQL注入漏洞
Code-Projects Accounting System is an accounting system open sourced by Code-Projects. Version 1.0 of Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter cosid in the file/viewincostumer.php of the Component Paramete...
EUVD-2026-16975
A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...
CVE-2026-5034
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2026-5033
A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...
CVE-2026-5034
The CVE-2026-5034 issue affects code-projects Accounting System 1.0, specifically the Parameter Handler’s /edit_costumer.php. The cos_id argument manipulation enables SQL injection, with remote exploitation possible and an exploit published. Multiple feeds (NVD, Red Hat, ENISA EUVD, CIRCL, CVE li...
CVE-2026-5034 code-projects Accounting System Parameter edit_costumer.php sql injection
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2026-5034
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2026-5033
A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...
CVE-2026-5033 code-projects Accounting System Parameter view_costumer.php sql injection
A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...
PT-2026-28745
Name of the Vulnerable Software and Affected Versions code-projects Accounting System version 1.0 Description A flaw exists in the Parameter Handler component of the software, specifically within the /edit costumer.php file. Manipulation of the cos id argument can lead to SQL injection. This issu...
[SECURITY] Fedora 44 Update: rust-reqsign-tencent-cos-3.0.0-1.fc44
Tencent Cloud COS signing implementation for reqsign...
CVE-2026-4836
A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...
CVE-2026-4836
A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...
CVE-2026-4836
CVE-2026-4836 affects code-projects Accounting System 1.0. The vulnerability lies in the delete.php handling of the cos_id parameter, enabling SQL injection. Exploitation is possible remotely and exploitation is demonstrated as a Proof-of-Concept in the references. The CVSS metrics indicate a MED...