CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

CVE-2026-2096

PT-2026-3085 documents a new Azure SSO vulnerability in Windows Admin Center that lets a local administrator on a single machine escape the VM and achieve tenant‑wide remote code execution. Affected component: Windows Admin Center’s Azure SSO integration. Exploit path: local admin on one machine ...

Flowring Agentflow 安全漏洞

Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a security vulnerability that stems from the lack of authentication. This vulnerability could allow unverified remote attackers to read, modify, and delete...

EUVD-2014-8009

Malware in sbrugna...

EUVD-2025-27209

Malicious code in bioql PyPI...

EUVD-2025-27200

Malicious code in bioql PyPI...

EUVD-2025-28806

Malicious code in bioql PyPI...

PT-2025-36549

Name of the Vulnerable Software and Affected Versions: SAP ABAP Reports affected versions not specified Description: Due to missing input validation in ABAP reports, an attacker with high privilege access could delete the content of arbitrary database tables if the tables are not protected by an...

PT-2025-36558

Name of the Vulnerable Software and Affected Versions: SAP ABAP affected versions not specified Description: The issue involves a missing input validation in ABAP reports. An attacker with high privilege access could delete the content of arbitrary database tables not protected by an authorizatio...

IBM i 代码问题漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A code issue vulnerability exists in IBM i that stems from bypassing database feature limitation checks. A privileged bad actor could delete or otherwise affect databas...

Cisco DNA Spaces:Connector SQL Injection Vulnerability

Cisco DNA Spaces is a set of indoor location services platform from Cisco.Cisco DNA Spaces:Connector is one of the connectors used to support the communication of Cisco wireless controllers. A SQL injection vulnerability exists in the Web UI in versions prior to Cisco DNA Spaces: Connector 2.0 th...

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...

Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...

Unauthorized Access Vulnerability in Odoo

Odoo formerly known as OpenERP is an enterprise resource planning ERP and customer relationship management CRM system. The system is developed in Python language with PostgreSQL as the database and includes modules for sales management, inventory management and financial management. Odoo suffers...

CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation

CF Image Hosting Script 1.6.5 - Delete all Pictures Privilege Escalation !/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage:...

CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation

!/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage: https://davidtavarez.github.io/ Software Link:...

CVE-2016-7833

Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM Cybozu Dezie proprietary format file via unspecified vectors...