PT-2026-21317
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
CVE-2020-37004
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...
EUVD-2021-11752
Malware in sbrugna...
EUVD-2021-31641
Malicious code in bioql PyPI...
EUVD-2021-8665
Malicious code in bioql PyPI...
EUVD-2025-23878
Malicious code in bioql PyPI...
EUVD-2025-7113
Malicious code in bioql PyPI...
EUVD-2024-27312
Malicious code in bioql PyPI...
Exploit for CVE-2025-41373
CVE-2025-41373 – SQL Injection in Gandia Integra Total Auth...
CVE-2025-53527
WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatoriogeracao.php endpoint. This issue allows an attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or...
PT-2025-26664
Name of the Vulnerable Software and Affected Versions: Linksys E-Series routers, versions prior to a firmware update: Linksys E4200, Linksys E3200, Linksys E3000, Linksys E2500, Linksys E2100L, Linksys E2000, Linksys E1550, Linksys E1500, Linksys E1200, Linksys E1000, Linksys E900. Description: An OS command...
CVE-2025-46204
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/id endpoint...
CVE-2024-51560
This vulnerability exists in Wave 2.0 due to improper exception handling for invalid inputs at a certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for the “userId” parameter in the API request, leading to generation of an error message...
CVE-2024-8141
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument caloriedate/caloriename leads to cross site scripting. It is possible to...
CVE-2024-51559
This vulnerability exists in Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...
CVE-2022-30367
Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=deleteimg...
CVE-2025-46559
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...
CVE-2025-42603 Information Disclosure Vulnerability in Meon KYC solutions
This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting an API response that contains unencrypted sensitive...
Denial Of Service (DoS)
ai.h2o, h2o-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the typeahead endpoint performing a HEAD request without setting a timeout, allowing an attacker to exploit this by making requests to an attacker-controlled server that hangs, causing the application to become...
lunary access control error vulnerability (CNVD-2025-07602)
lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in lunary, which stems from improper access control on the /v1/datasets endpoint, and can be exploited by an attacker to gain access to unauthorized datasets...