18 matches found
EUVD-2022-15939
Malicious code in bioql PyPI...
EUVD-2025-18763
Malicious code in bioql PyPI...
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
PT-2025-26429 · Unknown +1 · Hoteldruid +1
Name of the Vulnerable Software and Affected Versions: HotelDruid version 3.0.7 Description: The issue allows an unauthenticated attacker to exploit verbose SQL error messages on the "creadb.php" endpoint before the 'create database' button is pressed. By sending malformed POST requests to this...
CVE-2025-44203
HotelDruid 3.0.7 is affected. An unauthenticated attacker can trigger information disclosure by causing verbose SQL error messages in creadb.php before pressing the 'create database' button. Malformed POST requests to the endpoint may reveal administrator credentials: username, password hash, and...
CVE-2023-35667
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-35659
In DevmemIntChangeSparse of devicememserver.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-38107
CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue...
CVE-2017-13322
In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-24990 · Unknown · Property Cloud Platform Management Center
Name of the Vulnerable Software and Affected Versions: Property Cloud Platform Management Center version 1.0 Description: The issue is related to error-based SQL injection. Recommendations: For Property Cloud Platform Management Center version 1.0, at the moment, there is no information about a...
Shopify: DoS Vulnerability via Cache Poisoning on cdn.shopify.com and shopify-assets.shopifycdn.com
There was a web cache poisoning vulnerability on Shopify's CDN domains that allowed an attacker to block access to any file hosted on the website. The vulnerability existed because the cache server treated backslashes and forward slashes as equivalent, while the origin server returned 404 errors...
ROS-2-1914
2.1914 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
Google TensorFlow Null Pointer Dereference Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A null pointer dereference vulnerability exists in TrySimplify in Google TensorFlow. An attacker could exploit the vulnerability to cause a segmentation error...
Design/Logic Flaw
An error within the "parse_sinar_ia" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources...
CVE-2018-5802
An error within the "kodak_radc_load_raw" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash...
Microsoft Internet Explorer 5/6 - MSXML XML File Parsing Cross-Site Scripting
source: https://www.securityfocus.com/bid/7938/info A vulnerability has been reported for Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a parse error that also includes the...
Apache Tomcat 3.1 - Path Revealing
source: https://www.securityfocus.com/bid/1531/info A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent JSP file, too much information is presented by the server as part of the error message. This informati...