21 matches found
EUVD-2025-25450
Malicious code in bioql PyPI...
EUVD-2025-11559
Malicious code in bioql PyPI...
EUVD-2025-13452
Malicious code in bioql PyPI...
CVE-2025-56435
FoxCMS
CVE-2025-55422
In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus...
CVE-2025-55409
In FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...
PT-2025-34666 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6
Description: FoxCMS version 1.2.6 contains a Cross Site Scripting issue in the /index.php/article endpoint. This allows attackers to execute arbitrary code.
Recommendations: As a temporary workaround, consider restricting...
CVE-2025-55420
A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...
CVE-2025-46154
Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php...
PT-2025-23616 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: Foxcms version 1.25
Description: The issue is related to a SQL time injection in the installdb.php script, specifically affecting the $_POST['dbname'] parameter. This allows for potential exploitation.
Recommendations: For Foxcms version 1.25,...
CVE-2025-5155
A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The attack can be launched remotely. The exploit h...
PT-2025-22867 · Qianfox · Foxcms
Name of the Vulnerable Software and Affected Versions: qianfox FoxCMS version 1.2.5
Description: A critical issue has been found in the batchCope function of the app/admin/controller/Article.php file. The manipulation of the ids argument leads to SQL injection. This issue can be exploited remotel...
CVE-2025-45239
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal...
CVE-2025-45240
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php...
PT-2025-19729 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: foxcms version 1.2.5
Description: The issue is a SQL injection vulnerability via the executeCommand method in DataBackup.php. This vulnerability allows for potential SQL injection attacks.
Recommendations: For foxcms version 1.2.5, consider...
CVE-2025-45238
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method...
CVE-2025-45238
FoxCMS v1.2.5 is affected by an arbitrary file deletion vulnerability via the delRestoreSerie method. The issue stems from the delRestoreSerie functionality and can lead to deletion of arbitrary files, as described across multiple sources (including Red Hat and PT Security advisories). The vulner...
CVE-2025-29181
FOXCMS = V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php...