84 matches found
EUVD-2023-52835
Malicious code in bioql PyPI...
EUVD-2025-18364
Malicious code in bioql PyPI...
EUVD-2024-33232
Malicious code in bioql PyPI...
EUVD-2025-17608
Malicious code in bioql PyPI...
EUVD-2022-46157
Malicious code in bioql PyPI...
CVE-2025-8840 jshERP Endpoint deleteBatch improper authorization
A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...
PHPMailer Command Injection Vulnerability
PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed...
CVE-2025-45931
An issue in D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via the system function in the bin/goahead file...
CVE-2025-6509
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads...
PT-2025-28023 · Hdf5 +1 · Hdf5 +1
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A problematic vulnerability was found in HDF5, affecting the function H5FS sect link size of the file src/H5FSsection.c. This manipulation leads to a heap-based buffer overflow. The attack can be launched on t...
CVE-2025-6113 Tenda FH1203 AdvSetLanip fromadvsetlanip buffer overflow
A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...
PT-2025-25470 · WordPress · Userpro
Name of the Vulnerable Software and Affected Versions: UserPro - Community and User Profile WordPress Plugin versions up to, and including, 5.1.10 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
BIT-MARIADB-MIN-2022-27377
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Itemfuncin::cleanup, which is exploited via specially crafted SQL statements...
PT-2025-23086 · Avast · Avast Business Antivirus For Linux
Name of the Vulnerable Software and Affected Versions: Avast Business Antivirus for Linux version 4.5 Description: The issue is related to a lack of file validation in the do update vps function, allowing a local user to potentially spoof or tamper with update files through unverified file writes...
CVE-2024-32288
Tenda W30E v1.0 V1.0.1.25633 firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function...
CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload...
CVE-2023-37700
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the formfastsettingwifiset function...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2022-45672
Tenda i22 V1.0.0.34687 was discovered to contain a buffer overflow via the formWx3AuthorizeSet function...
CVE-2022-41413
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function...