150 matches found

Nuclei
added yesterday · 29 views

Gibbon LMS <= v25.0.01 - File Upload to RCE

Gibbon LMS versions 25.0.1 and earlier are vulnerable to an Arbitrary File Upload that can lead to Remote Code Execution (RCE). The issue stems from the rubricsvisualisesaveAjax.php endpoint, which, notably, does not require authentication. Because of this, unauthenticated attackers could potential...

9.8 CVSS · 8.4 AI score · 0.92556 EPSS
Exploits: 8 · References: 4

Snyk
added 2026/03/06 3:20 p.m. · 3 views

Malicious Package

Overview: @wgu-edu/wgu-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2

ATTACKERKB
added 2026/02/20 12:0 a.m. · 2 views

CVE-2026-26725

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter...

5.6 AI score · 0.00234 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2026/02/20 12:0 a.m. · 2 views

CVE-2026-26725

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 fixed in 19.76 allows a remote attacker to escalate privileges via the AccessID parameter...

5.8 AI score · 0.00234 EPSS
Exploits: 1 · References: 1

Cvelist
added 2026/01/08 12:0 a.m. · 21 views

CVE-2025-61547

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. The application does not implement proper CSRF tokens or other protective measures, allowing a remote attacker to trick authenticated users into...

0.00029 EPSS
Exploits: 2 · References: 1

CNNVD
added 2026/01/08 12:0 a.m. · 1 views

edu Business Solutions Print Shop Pro WebDesk Security Vulnerability

edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which originates from a misbehavior of the parameter LoginID in the file...

6.1 CVSS · 6 AI score · 0.00029 EPSS
Exploits: 2 · References: 2

CNNVD
added 2026/01/08 12:0 a.m. · 2 views

edu Business Solutions Print Shop Pro WebDesk Security Vulnerability

edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which stems from a missing CSRF token and could lead to a cross-site request forge...

6.8 CVSS · 6.5 AI score · 0.00029 EPSS
Exploits: 2 · References: 2

CNNVD
added 2026/01/08 12:0 a.m. · 2 views

edu Business Solutions Print Shop Pro WebDesk Security Vulnerability

edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which stems from insufficient validation of client-side inputs and could lead to a...

9.1 CVSS · 6.6 AI score · 0.00021 EPSS
Exploits: 2 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-13105

Malware in sbrugna...

7.8 CVSS · 7.4 AI score · 0.00079 EPSS
Exploits: 1 · References: 12

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-25294

Malicious code in bioql PyPI...

7.4 CVSS · 6.6 AI score · 0.0035 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-7464

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00765 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/09/02 7:37 a.m. · 2 views

CVE-2025-9721

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

5.4 CVSS · 3.7 AI score · 0.00047 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 9:25 a.m. · 2 views

CVE-2024-28147

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It...

7.4 CVSS · 6.9 AI score · 0.0035 EPSS
Exploits: 1 · References: 1

vulnersOsv
added 2025/02/24 12:0 p.m. · 0 views

blit-server (>=0.20.0 <=0.28.3), gridvid (>=0.1.0 <=0.3.0) +7 more potentially affected by CVE-2025-27091 via openh264-sys2 (>=0.1.17 <=0.7.1)

openh264-sys2 CARGO version =0.1.17, =0.20.0, =0.1.0, =0.1.9, =0.1.33, =0.2.0, =0.1.0, =0.4.0, =0.5.5 Source cves: CVE-2025-27091 Source advisory: OSV:RUSTSEC-2025-0008...

8.6 CVSS · 7.1 AI score · 0.02473 EPSS
Exploits: 0

Positive Technologies
added 2024/12/26 12:0 a.m. · 2 views

PT-2024-17832 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown processing of the file /update edu details.php. The manipulati...

9.8 CVSS · 8.1 AI score · 0.00106 EPSS
Exploits: 1 · References: 14

Packet Storm
added 2024/06/24 12:0 a.m. · 371 views

Edu-Sharing Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload product: edu-sharing metaVentis GmbH vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19 CVE number: CVE-2024-28147 impact: high homepage:...

7.1 AI score · 0.0035 EPSS
Exploits: 1

NVD
added 2024/06/20 11:15 a.m. · 10 views

CVE-2024-28147

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It...

7.4 CVSS · 0.0035 EPSS
Exploits: 1 · References: 3

Cvelist
added 2024/06/20 10:46 a.m. · 24 views

CVE-2024-28147 Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It...

0.0035 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2024/06/20 10:46 a.m. · 15 views

CVE-2024-28147 Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It...

6.8 AI score · 0.0035 EPSS
Exploits: 1 · References: 2

CVE
added 2024/06/20 10:46 a.m. · 55 views

CVE-2024-28147

Edu-sharing (pre-9.0.0-RC19) is affected by CVE-2024-28147: an authenticated user can upload arbitrary files via the collection preview image upload, enabling Stored XSS through HTML/JavaScript execution when users access the direct image URL and potential DoS via SVG with nested XML entities. Af...

7.4 CVSS · 7.4 AI score · 0.0035 EPSS
Exploits: 1 · References: 3