
155 matches found

Nuclei
added yesterday · 34 views

Gibbon LMS <= v25.0.01 - File Upload to RCE

Gibbon LMS versions 25.0.1 and earlier are vulnerable to an Arbitrary File Upload that can lead to Remote Code Execution (RCE). The issue stems from the rubricsvisualisesaveAjax.php endpoint, which, notably, does not require authentication. Because of this, unauthenticated attackers could potential...

9.8 CVSS · 7.8 AI score · 0.63113 EPSS
Exploits: 8 · References: 4

OSSF Malicious Packages
added 2026/06/11 8:25 a.m. · 8 views

Malicious code in edu-npm-dependency-chain-demo (npm)

Source: ossf-package-analysis (5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139). The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 (npm) as malicious. It is considered malicious because: -...

5.4 AI score
Exploits: 0

OSV
added 2026/06/11 8:25 a.m. · 23 views

MAL-2026-5623 Malicious code in edu-npm-dependency-chain-demo (npm)

Source: ossf-package-analysis (5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139). The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 (npm) as malicious. It is considered malicious because: -...

5.4 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/06/11 8:25 a.m. · 24 views

Malicious code in edu-npm-postinstall-demo2 (npm)

Source: amazon-inspector (ce30f195fb63661526196defd7d613a58ded58acd1208989400bf6267de6bfb1). On npm install, postinstall.js reads the installer's .env file from INITCWD, harvests environment variable values DEMO-prefixed, collects host...

5.3 AI score
Exploits: 0 · References: 3

OSV
added 2026/06/11 8:25 a.m. · 9 views

MAL-2026-5624 Malicious code in edu-npm-postinstall-demo2 (npm)

Source: amazon-inspector (ce30f195fb63661526196defd7d613a58ded58acd1208989400bf6267de6bfb1). On npm install, postinstall.js reads the installer's .env file from INITCWD, harvests environment variable values DEMO-prefixed, collects host...

5.3 AI score
Exploits: 0 · References: 3

Snyk
added 2026/03/06 3:20 p.m. · 6 views

Malicious Package

Overview: @wgu-edu/wgu-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2

Vulnrichment
added 2026/02/20 12:0 a.m. · 2 views

CVE-2026-26725

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote attacker to escalate privileges via the AccessID parameter...

5.8 AI score · 0.00435 EPSS
Exploits: 1 · References: 1

ATTACKERKB
added 2026/02/20 12:0 a.m. · 4 views

CVE-2026-26725

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter...

5.6 AI score · 0.00435 EPSS
Exploits: 1 · References: 2

Cvelist
added 2026/01/08 12:0 a.m. · 25 views

CVE-2025-61547

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other protective measures, allowing a remote attacker to trick authenticated users into...

0.00148 EPSS
Exploits: 2 · References: 1

CNNVD
added 2026/01/08 12:0 a.m. · 6 views

edu Business Solutions Print Shop Pro WebDesk Security Vulnerability

edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which stems from insufficient validation of client-side inputs and could lead to a...

9.1 CVSS · 6.6 AI score · 0.00488 EPSS
Exploits: 2 · References: 2

CNNVD
added 2026/01/08 12:0 a.m. · 5 views

edu Business Solutions Print Shop Pro WebDesk Security Vulnerability

edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which originates from a misbehavior of the parameter LoginID in the file...

6.1 CVSS · 6 AI score · 0.00209 EPSS
Exploits: 2 · References: 2

CNNVD
added 2026/01/08 12:0 a.m. · 6 views

edu Business Solutions Print Shop Pro WebDesk Security Vulnerability

edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which stems from a missing CSRF token and could lead to a cross-site request forge...

6.8 CVSS · 6.5 AI score · 0.00148 EPSS
Exploits: 2 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-13105

Malware in sbrugna...

7.8 CVSS · 7.4 AI score · 0.00503 EPSS
Exploits: 1 · References: 12

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-25294

Malicious code in bioql PyPI...

7.4 CVSS · 6.6 AI score · 0.00831 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2021-7464

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.0159 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/09/02 7:37 a.m. · 4 views

CVE-2025-9721

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

5.4 CVSS · 3.7 AI score · 0.00217 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 9:25 a.m. · 4 views

CVE-2024-28147

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross-Site Scripting). It...

7.4 CVSS · 6.9 AI score · 0.00831 EPSS
Exploits: 1 · References: 1

vulnersOsv
added 2025/02/24 12:0 p.m. · 2 views

blit-server (>=0.20.0 <=0.28.3), gridvid (>=0.1.0 <=0.3.0) +7 more potentially affected by CVE-2025-27091 via openh264-sys2 (>=0.1.17 <=0.7.1)

openh264-sys2 CARGO version =0.1.17, =0.20.0, =0.1.0, =0.1.9, =0.1.33, =0.2.0, =0.1.0, =0.4.0, =0.5.5 Source cves: CVE-2025-27091 Source advisory: OSV:RUSTSEC-2025-0008...

8.6 CVSS · 7.1 AI score · 0.00639 EPSS
Exploits: 0

Positive Technologies
added 2024/12/26 12:0 a.m. · 3 views

PT-2024-17832 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown processing of the file /update edu details.php. The manipulati...

9.8 CVSS · 8.1 AI score · 0.00735 EPSS
Exploits: 1 · References: 14

Packet Storm
added 2024/06/24 12:0 a.m. · 387 views

Edu-Sharing Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload product: edu-sharing metaVentis GmbH vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19 CVE number: CVE-2024-28147 impact: high homepage:...

7.1 AI score · 0.00831 EPSS
Exploits: 1