13 matches found
Cerebrate security vulnerability
Cerebrate is an open source platform from Cerebrate Open Source, designed to act as an interconnect coordinator for trusted contact information providers and other security tools. A security vulnerability exists in versions of Cerebrate prior to 1.30, which stems from the possibility that an...
EUVD-2025-14245
Malicious code in bioql PyPI...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
CVE-2025-47817 affects BlueWave Checkmate 2.0.2 and earlier (pre-b387eba). The issue arises from a profile edit request permitting a role parameter, enabling unvalidated external control of web parameters. CVSS v3.1: Network attack, low privileges, no user interaction, with high impacts to confid...
PT-2025-20645 · Bluewave · Bluewave Checkmate
Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions 2.0.2 and earlier, before b387eba Description: The issue allows a profile edit request to include a role parameter. This is related to the external control of assumed-immutable web parameters. Recommendations: For...
GeniXCMS Mailbox validation logic vulnerability
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSGUSEREMAILEXIST protection mechanism via a register.php?act=edit&id=1 request...
CVE-2017-11557
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request...
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) idcustom parameter in an amanmenu request or (2) idgame parameter in an alms/games/edit request to appCore/index.php...
Cross site request forgery (CSRF)
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the block id in an edit request...
fogforum-lfi.txt
FOG Forum 0.8.1 Local File Inclusion Vulnerabilities. CWH Underground Hacking Team...
PHP-Nuke SQL Injection Edit/Save Message(s) Bug
Exploit for unknown platform in category web applications. PHP-Nuke SQL Injection Edit/Save Messages Bug. #!/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy ...