Lucene search
K

108 matches found

Snyk
Snyk
added 2026/04/22 7:58 p.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the require process. An attacker can access sensitive local .js and .json files by supplying malicious JavaScript templates that exploit the module loader to bypass file access restrictions. This is only...

6.8CVSS5.8AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 9:51 p.m.7 views

CVE-2025-68697 Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node...

7.1CVSS6.7AI score0.00242EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-8083

Malware in sbrugna...

6.1CVSS6.5AI score0.04105EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-2828

Malware in sbrugna...

4.3CVSS6.1AI score0.00929EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-0840

Malware in sbrugna...

6.4CVSS6.1AI score0.00964EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-4582

Malware in sbrugna...

4.6CVSS6.4AI score0.00323EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-0859

Malware in sbrugna...

8.4CVSS8.4AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2023-0091

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00651EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2023-24015

Malicious code in bioql PyPI...

6.5CVSS8.1AI score0.00712EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-52208

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.00296EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-6092

Malicious code in bioql PyPI...

8.1CVSS6.9AI score0.00415EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/27 12:0 a.m.6 views

PT-2025-31015 · Code Projects · Exam Form Submission

Name of the Vulnerable Software and Affected Versions: code-projects Exam Form Submission version 1.0 Description: A critical issue exists in code-projects Exam Form Submission 1.0. The vulnerability is due to SQL injection, which can be triggered by manipulating the email argument in the /admin/...

9.8CVSS7.3AI score0.00498EPSS
Exploits1References9
Cvelist
Cvelist
added 2025/07/02 7:27 p.m.9 views

CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

6.1CVSS0.01315EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.3 views

PT-2025-27100 · Ctusers · Ctusers

Name of the Vulnerable Software and Affected Versions: CTUsers versions through 1.0.0 Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. Recommendations:...

7.5CVSS7AI score0.00422EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.6 views

PT-2025-26269 · Unknown · Phpgurukul Notice Board System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Notice Board System version 1.0 Description: A problematic issue has been found in the PHPGurukul Notice Board System, affecting the file /admin/manage-notices.php of the Add Notice component. The manipulation of the Title and...

5.4CVSS3.3AI score0.00222EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.7 views

PT-2025-25681 · Unknown · Mojoomla School Management

Name of the Vulnerable Software and Affected Versions: mojoomla School Management versions n/a through 93.0.0 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

7.5CVSS7.6AI score0.00488EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/15 12:0 a.m.8 views

PT-2025-25501 · H3C · H3C Gr-3000Ax

Name of the Vulnerable Software and Affected Versions: H3C GR-3000AX version V100R007L50 Description: A critical vulnerability was found in the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It i...

9CVSS8.7AI score0.00538EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.5 views

PT-2025-24323 · Unknown · Code-Projects Laundry System

Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A vulnerability has been found in the code-projects Laundry System, classified as problematic. This issue affects unknown code of the file /data/edit type.php. The manipulation of the Type...

5.4CVSS3.8AI score0.00239EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/06/04 12:0 a.m.8 views

PT-2025-23790 · Unknown · Codeastro Real Estate Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A critical issue affects the processing of the file /profile.php. The manipulation of the content argument leads to SQL injection. The attack can be initiated remotely. An explo...

9.8CVSS6.9AI score0.00422EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2025/05/18 12:0 a.m.9 views

PT-2025-21847 · Unknown · Phpgurukul News Portal

Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 4.1 Description: A critical issue has been discovered, affecting an unknown functionality of the file /admin/aboutus.php. The manipulation of the pagetitle argument leads to SQL injection. This issue can be...

9.8CVSS7.6AI score0.00472EPSS
Exploits1References10
Rows per page
Query Builder