EUVD-2025-31087

Malicious code in bioql PyPI...

CVE-2025-10944

A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling...

CVE-2025-10944

The CVE-2025-10944 entry concerns yi-ge get-header-ip:ip.php, where the callback argument in the ip function can be manipulated to trigger cross-site scripting. Affected versions are those prior to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. The weakness can be exploited remotely via network access...

CVE-2025-10944 yi-ge get-header-ip ip.php cross site scripting

A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling...

CVE-2025-55473

Asian Arts Talents Foundation AATF Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting XSS. The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows a...

CVE-2025-55473

Asian Arts Talents Foundation AATF Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting XSS. The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows a...

CVE-2025-55473

CVE-2025-55473 affects Asian Arts Talents Foundation (AATF) Website v5.1.x and its Docker image 2024.12.8.1. The vulnerability is a Cross-Site Scripting (XSS) in the /ip.php endpoint, where the X-Forwarded-For HTTP header is parsed and displayed without proper sanitization or output encoding. Thi...

CVE-2025-55473

Asian Arts Talents Foundation AATF Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting XSS. The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows a...

PT-2025-8721

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A remote code execution issue was discovered in the admin ip.php component, allowing for potential code execution. Recommendations: For SeaCMS version 13.3, update to a newer version that contains a fix for th...

SeaCMS Security Vulnerability

SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version V12.9, which originates from an arbitrary file write vulnerability in adminip.php...

CVE-2022-48093

Seacms v12.7 was discovered to contain a remote code execution RCE vulnerability via the ip parameter at admin ip.php...

SeaCMS 代码注入漏洞

SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS v12.7, which stems from the manipulation of the ip parameter in its admin ip.php component that allows an...