18 matches found
EUVD-2025-13446
Malicious code in bioql PyPI...
EUVD-2025-13440
Malicious code in bioql PyPI...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
PT-2025-19751 · Dbsyncer · Dbsyncer
Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6 Description: A stored cross-site scripting XSS issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter. Recommendations: For...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
DBSyncer 安全漏洞
DBSyncer is an open source data synchronization middleware by 86dbs individual developers. A security vulnerability exists in DBSyncer version v2.0.6, which stems from improper access control of the /config/download component and could lead to the disclosure of sensitive information...
CVE-2025-45236
Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...
CVE-2025-45237
CVE-2025-45237 concerns DBSyncer v2.0.6 with an incorrect access control in the /config/download component. The issue could allow unauthenticated access to a JSON file that contains sensitive account information, including encrypted passwords. Impact is stated in sources as high confidentiality r...
DBSyncer 安全漏洞
DBSyncer is an open source data synchronization middleware by 86dbs individual developers. A security vulnerability exists in DBSyncer version v2.0.6, which stems from the mishandling of the Nickname parameter in the Edit Profile feature, which could lead to a stored cross-site scripting attack...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
PT-2025-19752 · Dbsyncer · Dbsyncer
Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6 Description: The issue is related to incorrect access control in the component /config/download of DBSyncer, allowing attackers to access a JSON file that contains sensitive account information, including the encrypted...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...