13 matches found
EUVD-2025-26699
Malicious code in bioql PyPI...
CVE-2025-41033
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the dataPagename parameter in the /apprain/page/manage-dynamic-pages/create path. An attacker can retrieve, create, update, or delete database records by injecting malicious SQL statements. Remediation There is no fixe...
CVE-2025-41033
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
CVE-2025-41033
CVE-2025-41033 — AppRain CMF 4.0.5 is affected by an SQL injection in the /apprain/page/manage-dynamic-pages/create endpoint. The vulnerability stems from improper validation of the data[Page][name] parameter, allowing an attacker to retrieve, create, update, and delete records in the database. M...
PT-2025-35904
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection vulnerability exists that allows an attacker to retrieve, create, update, and delete the database. This is possible through the data%5BPage%5D%5Bname%5D parameter in the...
GHSA-GP8F-8M3G-QVJ9 Next.js Cache Poisoning
Impact: By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a...
Facebook HHVM Buffer Overflow Vulnerability (CNVD-2021-55183)
Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of PHP loading dynamic pages. Facebook HHVM is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to perform out-of-bounds writes on the heap,...
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages like JSP are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout...
Information disclosure
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages like JSP are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout...
Automattic: woocommerce - prevent_caching() bug / bypass
As a guest, visit the following links and look at the headers. Yup, there are no caching headers in the response. https://woocommerce.com/.cart/ https://woocommerce.com/+cart/ https://woocommerce.com/-cart/...
BREACH vulnerability in compressed HTTPS
Overview: By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream. Description: Angelo Prado of Salesforce.com reports: Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS...
Netquery <= 3.1 Multiple Vulnerabilities
The remote host is running Netquery, a suite of network information utilities written in PHP. The version of Netquery on the remote host suffers from multiple flaws: - Remote Code Execution: An attacker can execute arbitrary commands through the Ping panel of the 'nquser.php' script provided it's...