155 matches found
Gibbon LMS <= v25.0.01 - File Upload to RCE
Gibbon LMS versions 25.0.1 and earlier are vulnerable to an Arbitrary File Upload that can lead to Remote Code Execution RCE. The issue stems from the rubricsvisualisesaveAjax.php endpoint, which, notably, does not require authentication. Because of this, unauthenticated attackers could potential...
Malicious code in edu-npm-dependency-chain-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139 The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 npm as malicious. It is considered malicious because: -...
MAL-2026-5623 Malicious code in edu-npm-dependency-chain-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139 The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 npm as malicious. It is considered malicious because: -...
Malicious code in edu-npm-postinstall-demo2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce30f195fb63661526196defd7d613a58ded58acd1208989400bf6267de6bfb1 On npm install, postinstall.js reads the installer's .env file from INITCWD, harvests environment variable values DEMO-prefixed, collects host...
MAL-2026-5624 Malicious code in edu-npm-postinstall-demo2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce30f195fb63661526196defd7d613a58ded58acd1208989400bf6267de6bfb1 On npm install, postinstall.js reads the installer's .env file from INITCWD, harvests environment variable values DEMO-prefixed, collects host...
Malicious Package
Overview @wgu-edu/wgu-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 fixed in 19.76 allows a remote attacker to escalate privileges via the AccessID parameter...
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter...
CVE-2025-61547
Cross-Site Request Forgery CSRF is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into...
edu Business Solutions Print Shop Pro WebDesk 安全漏洞
edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which stems from insufficient validation of client-side inputs and could lead to a...
edu Business Solutions Print Shop Pro WebDesk 安全漏洞
edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which originates from a misbehavior of the parameter LoginID in the file...
edu Business Solutions Print Shop Pro WebDesk 安全漏洞
edu Business Solutions Print Shop Pro WebDesk is a print order management system from US-based edu Business Solutions. A security vulnerability exists in edu Business Solutions Print Shop Pro WebDesk version 18.34, which stems from a missing CSRF token and could lead to a cross-site request forge...
EUVD-2019-13105
Malware in sbrugna...
EUVD-2024-25294
Malicious code in bioql PyPI...
EUVD-2021-7464
Malicious code in bioql PyPI...
CVE-2025-9721
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...
CVE-2024-28147
An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image Stored Cross Site Scripting. It...
blit-server (>=0.20.0 <=0.28.3), gridvid (>=0.1.0 <=0.3.0) +7 more potentially affected by CVE-2025-27091 via openh264-sys2 (>=0.1.17 <=0.7.1)
openh264-sys2 CARGO version =0.1.17, =0.20.0, =0.1.0, =0.1.9, =0.1.33, =0.2.0, =0.1.0, =0.4.0, =0.5.5 Source cves: CVE-2025-27091 Source advisory: OSV:RUSTSEC-2025-0008...
PT-2024-17832 · Unknown · 1000 Projects Portfolio Management System Mca
Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown processing of the file /update edu details.php. The manipulati...
Edu-Sharing Arbitrary File Upload
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload product: edu-sharing metaVentis GmbH vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19 CVE number: CVE-2024-28147 impact: high homepage:...