Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

ASB-A-435188844

In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...

CVE-2025-68547

Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through = 2.4.0...

PT-2025-54348

Name of the Vulnerable Software and Affected Versions Realbig versions through 1.1.3 Description An authorization issue exists in Realbig due to incorrectly configured access control security levels. This allows for potential exploitation of the system. Recommendations Update Realbig to a version...

CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

PT-2025-47196

Name of the Vulnerable Software and Affected Versions PHPGurukul Complaint Management System version 2.0 Description The software is susceptible to a Cross Site Scripting XSS issue. This flaw is located in the between-date-userreport.php script and affects the fromdate and todate parameters...

EUVD-2018-14503

Malware in sbrugna...

EUVD-2020-1613

Malware in sbrugna...

EUVD-2017-1851

Malware in sbrugna...

EUVD-2019-19162

Malware in sbrugna...

EUVD-2019-18838

Malware in sbrugna...

EUVD-2023-25168

Malicious code in bioql PyPI...

EUVD-2022-4323

Malicious code in bioql PyPI...

EUVD-2021-34024

Malicious code in bioql PyPI...

The vulnerability of the fs FilesystemHandler component in the Grub2 operating system allows a hacker to trigger a service failure.

The vulnerability of the fs FilesystemHandler component in the Grub operating system is related to writing beyond the boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries remotely...

CVE-2023-41875

Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6...

CVE-2023-32585

Missing Authorization vulnerability in totalsoft Portfolio Gallery gallery-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through = 1.4.6...

CVE-2024-43157

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10...