CVE-2025-15005

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

EUVD-2025-204679

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

EUVD-2009-0878

Malware in sbrugna...

PT-2025-4774 · Unknown · Next-Forge

Name of the Vulnerable Software and Affected Versions: next-forge affected versions not specified Description: The issue concerns a Next.js project boilerplate for modern web applications. A BASEHUB TOKEN is committed in the apps/web/.env.example file. Users are advised to avoid using this token...

CVE-2024-0864 RCE in Laragon

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution RCE attack via an improper input validation in a fileupload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...

MobileDetect 跨站脚本漏洞

MobileDetect is a PHP class for detecting mobile devices. A cross-site scripting vulnerability exists in MobileDetect version 2.8.31, which stems from a problem with the initLayoutType function in the file examples/sessionexample.php in the component Example, which can lead to cross-site scriptin...

PT-2023-6704 · WordPress · Pdf Generator For Wordpress

Name of the Vulnerable Software and Affected Versions: PDF Generator for WordPress plugin versions prior to 1.1.2 Description: The issue is related to a Reflected Cross-Site Scripting susceptibility in a vendored dompdf example file included in the PDF Generator for WordPress plugin. This could b...

Multiple Plugins - Reflected Cross-Site Scripting via PHPRelativePath Library

The plugins are using the PHPRelativePath library, which contain an example file affected a Reflected Cross-Site Scripting PoC POST /wp-content/plugins/mpl-publisher/vendor/grandt/relativepath/RelativePath.Example1.php HTTP/1.1 Accept:...

Typo3 4.2 / 4.5 Information Disclosure

INFORMAÇÕES: ---------------------------------------------------------- + Name: 0day Typo3 - Full Info Disclosure + Type: Full Info Disclosure + Vendor: https://typo3.org/typo3-cms/ + VULNERABLE VERSIONS: 4.2, 4.5 ---------------------------------------------------------- + AUTOR: Cleiton Pinheir...

Дырка в Apache::ASP

Один из файлов с примерами ./site/eg/source.asp позволяет перезаписать файл в локальной директории...

Security bug in Apache project: Jakarta Tomcat

The Apache project: Jakarta Tomcat contains a serius security bug. Tomcat is used together with the Apache web server to serve Java Server Pages and Java servlets. Summary from the Tomcat development team advisory is posted below: Advisory: Delivered with Tomcat is an example jsp/source.jsp that...