7 matches found

Vulnrichment
added 2025/10/12 7:2 a.m. · 2 views

CVE-2025-11629 RainyGao DocSys getUserList.do getUserList sql injection

A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vend...

CVSS 6.5 · AI score 6.7 · EPSS 0.00044
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-26716

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.4 · EPSS 0.0004
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/04 12:0 a.m. · 4 views

PT-2025-35914

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAppReportCodeid and dataAppReportCodename...

CVSS 5.4 · AI score 5.4 · EPSS 0.0004
Exploits: 0 · References: 3

OSV
added 2025/08/09 3:15 p.m. · 3 views

CVE-2025-8756

A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper...

CVSS 8.8 · AI score 7
Exploits: 0 · References: 5

Vulnrichment
added 2025/08/09 2:32 p.m. · 3 views

CVE-2025-8756 TDuckCloud tduck-platform manage preHandle improper authorization

A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper...

CVSS 6.5 · AI score 7.2 · EPSS 0.0031
Exploits: 1 · References: 5

Hacker One
added 2021/11/08 2:43 p.m. · 50 views

TikTok: reflected xss on the path m.tiktok.com

A cross site scripting vulnerability was found in Ambassador Manage endpoint. We thank @semsem123 for reporting this to our team...

AI score 0.6
Exploits: 0

Positive Technologies
added 2018/03/24 12:0 a.m. · 3 views

PT-2018-18747 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue was discovered that allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an "action=modify" request to the "user/manage.php" endpoint...

CVSS 7.5 · AI score 7.5 · EPSS 0.00585
Exploits: 1 · References: 2