25 matches found
EUVD-2024-16890
Malicious code in bioql PyPI...
EUVD-2025-12433
Malicious code in bioql PyPI...
EUVD-2025-7534
Malicious code in bioql PyPI...
EUVD-2024-33614
Malicious code in bioql PyPI...
EUVD-2024-51285
Malicious code in bioql PyPI...
EUVD-2025-12567
Malicious code in bioql PyPI...
EUVD-2023-23564
Malicious code in bioql PyPI...
EUVD-2024-31958
Malicious code in bioql PyPI...
CVE-2025-8708
CVE-2025-8708 affects Antabot White-Jotter 0.22, specifically the CookieRememberMeManager in ShiroConfiguration.java (com.gm.wj.config.ShiroConfiguration). The vulnerability is triggered by manipulating the input EVANNIGHTLY_WAOU, leading to deserialization. The issue is exploitable remotely and ...
CVE-2025-6761 Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The...
CVE-2025-6286
The CVE-2025-6286 entry concerns PHPGurukul COVID19 Testing Management System 2021. The vulnerability is an open redirect caused by manipulating the q parameter in an unknown function within /search-report-result.php. Public disclosure is noted, and exploitation could be remote. Various connected...
CVE-2025-5150
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...
CVE-2025-5029
A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...
CVE-2025-4882 itsourcecode Restaurant Management System team_update.php sql injection
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_update.php. The manipulation of the argument team leads to SQL injection. It is possible to initiate the attack remotely. The exploit...
CVE-2025-4866 weibocom rill-flow Management Console code injection
A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2025-4341 D-Link DIR-880L Request Header ssdpcgi sub_16570 command injection
A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command...
CVE-2025-4293
CVE-2025-4293 affects MRCMS 3.1.3, specifically the Group Edit Page component’s /admin/group/edit.do. The root cause is a cross-site scripting vulnerability in an unknown functionality of that endpoint, which can be exploited remotely. Public disclosure and available details indicate exploitation...
CVE-2025-4256
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /adminpaylog.php. The manipulation of the argument cstatus leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and...
CVE-2025-4112
CVE-2025-4112 affects PHPGurukul Student Record System v3.20. The issue is a SQL injection in the add-course.php file caused by manipulating the course-short parameter. The impact is potential unauthorized access to or theft of data from the database; exploitation is described as remote. Multiple connected so...
PT-2025-17376 · Wcms · Wcms
Name of the Vulnerable Software and Affected Versions: WCMS version 11 Description: A critical vulnerability has been found in WCMS 11, affecting an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the mobile phone argument leads to SQL injection. The...