108 matches found
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the require process. An attacker can access sensitive local .js and .json files by supplying malicious JavaScript templates that exploit the module loader to bypass file access restrictions. This is only...
CVE-2025-68697 Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node...
EUVD-2016-8083
Malware in sbrugna...
EUVD-2012-2828
Malware in sbrugna...
EUVD-2013-0840
Malware in sbrugna...
EUVD-2007-4582
Malware in sbrugna...
EUVD-2016-0859
Malware in sbrugna...
EUVD-2023-0091
Malicious code in bioql PyPI...
EUVD-2023-24015
Malicious code in bioql PyPI...
EUVD-2022-52208
Malicious code in bioql PyPI...
EUVD-2025-6092
Malicious code in bioql PyPI...
PT-2025-31015 · Code Projects · Exam Form Submission
Name of the Vulnerable Software and Affected Versions: code-projects Exam Form Submission version 1.0 Description: A critical issue exists in code-projects Exam Form Submission 1.0. The vulnerability is due to SQL injection, which can be triggered by manipulating the email argument in the /admin/...
CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
PT-2025-27100 · Ctusers · Ctusers
Name of the Vulnerable Software and Affected Versions: CTUsers versions through 1.0.0 Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. Recommendations:...
PT-2025-26269 · Unknown · Phpgurukul Notice Board System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Notice Board System version 1.0 Description: A problematic issue has been found in the PHPGurukul Notice Board System, affecting the file /admin/manage-notices.php of the Add Notice component. The manipulation of the Title and...
PT-2025-25681 · Unknown · Mojoomla School Management
Name of the Vulnerable Software and Affected Versions: mojoomla School Management versions n/a through 93.0.0 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...
PT-2025-25501 · H3C · H3C Gr-3000Ax
Name of the Vulnerable Software and Affected Versions: H3C GR-3000AX version V100R007L50 Description: A critical vulnerability was found in the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It i...
PT-2025-24323 · Unknown · Code-Projects Laundry System
Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A vulnerability has been found in the code-projects Laundry System, classified as problematic. This issue affects unknown code of the file /data/edit type.php. The manipulation of the Type...
PT-2025-23790 · Unknown · Codeastro Real Estate Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A critical issue affects the processing of the file /profile.php. The manipulation of the content argument leads to SQL injection. The attack can be initiated remotely. An explo...
PT-2025-21847 · Unknown · Phpgurukul News Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 4.1 Description: A critical issue has been discovered, affecting an unknown functionality of the file /admin/aboutus.php. The manipulation of the pagetitle argument leads to SQL injection. This issue can be...