
35 matches found

EUVD
added 2026/04/30 12:0 a.m. · 1 views

EUVD-2026-26393

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...

9.6 CVSS · 5.6 AI score · 0.00051 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2026/04/12 12:28 p.m. · 2 views

CVE-2017-20239

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without...

6.1 CVSS · 6.1 AI score · 0.00015 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2026/01/20 10:58 p.m. · 24 views

CVE-2026-0933

Summary of CVE-2026-0933: A command injection vulnerability exists in the Cloudflare Wrangler tool’s “wrangler pages deploy” command. The root cause is that the commitHash provided via the --commit-hash CLI argument is interpolated directly into a shell command (example: execSync(git show -s --f...

9.9 CVSS · 6.1 AI score · 0.00068 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2026/01/20 12:0 a.m. · 2 views

Cloudflare Wrangler security vulnerabilities

Cloudflare Wrangler is a repository managed by Cloudflare. Cloudflare Wrangler has a security vulnerability that stems from insufficient validation or cleanup of the --commit-hash parameter, which may lead to command injection attacks...

9.9 CVSS · 5.8 AI score · 0.00068 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 10:20 a.m. · 4 views

CVE-2008-6596

SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5 CVSS · 8.5 AI score · 0.00682 EPSS
Exploits: 1 · References: 1

SUSE CVE
added 2025/12/12 12:24 a.m. · 1 views

SUSE CVE-2025-66410

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...

9.1 CVSS · 6.9 AI score · 0.00149 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2008-4870

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00329 EPSS
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2008-3770

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.00916 EPSS
Exploits: 1 · References: 8

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-0733

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00366 EPSS
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-25693

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.00414 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/30 6:20 p.m. · 1 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

9.8 CVSS · 6.7 AI score · 0.00414 EPSS
Exploits: 1 · References: 1

OSV
added 2025/08/25 2:15 p.m. · 0 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

NVD
added 2025/08/25 2:15 p.m. · 1 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

9.8 CVSS · 0.00414 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/08/25 12:0 a.m. · 1 views

PDV-Systeme System PDV security vulnerability

PDV-Systeme System PDV is an order management software from the German company PDV-Systeme. A security vulnerability exists in PDV-Systeme System PDV version 1.0, which stems from an insecure direct object reference in the hash parameter and could lead to the disclosure of sensitive information...

9.8 CVSS · 6.4 AI score · 0.00414 EPSS
Exploits: 1 · References: 2

CVE
added 2025/08/25 12:0 a.m. · 12 views

CVE-2025-45968

Summary: CVE-2025-45968 affects System PDV v1.0 and is an IDOR vulnerability in the hash URL parameter that permits a remote attacker to access other users’ data or internal resources without proper authorization. The issue is consistently described across multiple sources (NVD, Red Hat, CVE List...

9.8 CVSS · 6.7 AI score · 0.00414 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/08/25 12:0 a.m. · 2 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

6.7 AI score · 0.00414 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/25 12:0 a.m. · 1 views

PT-2025-34610 · Unknown · System Pdv Version 1.0

Name of the Vulnerable Software and Affected Versions: System PDV version 1.0 Description: The application contains an Insecure Direct Object Reference IDOR vulnerability due to a lack of proper authorization checks when accessing objects referenced by the hash parameter in a URL. This allows...

9.8 CVSS · 6.4 AI score · 0.00414 EPSS
Exploits: 1 · References: 5

VulnCheck KEV
added 2025/04/23 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-4295

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

9.8 CVSS · 5.9 AI score · 0.92923 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/01/20 12:0 a.m. · 1 views

Shiprocket Module 3 on OpenCart security vulnerability

Shiprocket Module 3 on OpenCart is a shipping module from Shiprocket. A security vulnerability exists in Shiprocket Module 3 on OpenCart v3, which stems from the parameter contentHash in the file /index.php?route=extension/module/restapi&action=getOrders that can lead to authorization errors...

6.3 CVSS · 5.7 AI score · 0.00109 EPSS
Exploits: 0 · References: 5

CNNVD
added 2024/11/11 12:0 a.m. · 3 views

Job Recruitment security vulnerability

Job Recruitment by code-projects is a job portal project developed using PHP, CSS, JavaScript, and MySQL technologies. A security vulnerability exists in Job Recruitment version 1.0, which originates from an SQL injection vulnerability in the ehash parameter of the /activation.php page...

9.8 CVSS · 6.9 AI score · 0.00097 EPSS
Exploits: 1 · References: 1