13 matches found
CVE-2025-13270
A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=savecourse. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been made public and could...
EUVD-2013-6540
Malware in sbrugna...
EUVD-2024-0711
Malicious code in bioql PyPI...
EUVD-2025-19425
Malicious code in bioql PyPI...
EUVD-2024-2112
Malicious code in bioql PyPI...
PT-2025-33638 · Portabilis · Portabilis I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions prior to 1.5.1 Description: A security flaw has been discovered in Portabilis i-Diario. The vulnerability affects an unknown functionality of the file /password/email within the Password Recovery Endpoint componen...
PT-2025-32470 · Unknown · Litmuschaos
Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos related to missing authorization checks within the Delete Request Handler component. The vulnerability resides in the /auth/delete project/ file and is...
CVE-2025-8515
The CVE-2025-8515 entry concerns Intelbras InControl 2.21.60.9. The vulnerability affects the unknown code path in the /v1/operador/ JSON Endpoint, enabling information disclosure when manipulated remotely. Exploitation is described as high complexity with no required user interaction and no priv...
CVE-2025-5412
A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument returnto leads to cross-site scripting. It is possible to...
CVE-2021-32017
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files...
CVE-2023-38693 RCE in Lucee REST endpoint
Lucee Server, or simply Lucee, is a dynamic, Java-based tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...
PT-2025-4059 · Sourcecodester · Sourcecodester Best Employee Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Employee Management System version 1.0 Description: A critical issue was found in the Administrative Endpoint component, specifically in the file /admin/View user.php, leading to improper access controls. The attack can be...
CVE-2024-47087 Information Disclosure Vulnerability
This vulnerability exists in Apex Softcell LD Geo due to improper validation of certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...