6 matches found
CVE-2021-31856
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
EUVD-2025-7072
Malicious code in bioql PyPI...
CVE-2025-3759
The endpoint /cgi-bin-igd/netcoreset.cgi, which is used for changing device configuration, is accessible without authentication. This poses a significant security threat, allowing, for example, administrator account hijacking or AP password changes. The vendor was contacted early about this disclosure but d...
CVE-2025-22597
WeGIA Web Manager (WeGIA) prior to version 3.2.8 contains a Stored XSS in CobrancaController.php via the local_recepcao parameter. Attackers can inject scripts that are stored on the server and executed when users load the affected page. Remediation: upgrade to version 3.2.8; consider restricting...
PT-2024-24202 · Unknown · Open Eclass
Name of the Vulnerable Software and Affected Versions: openclass versions 3.15 and earlier
Description: The issue allows an attacker to execute arbitrary code via a crafted file to the "certbadge.php" endpoint. This enables the attacker to potentially gain control over the system.
Recommendations...
PT-2024-23688 · Fudforum · Fudforum
Name of the Vulnerable Software and Affected Versions: FUDforum version 3.1.3
Description: A reflected cross-site scripting (XSS) issue was discovered in FUDforum. The vulnerability is exploited via the chpos parameter at the "/adm/admsmiley.php" API endpoint.
Recommendations: For FUDforum version...