17 matches found

EUVD
added 2026/02/05 11:7 a.m., 4 views

EUVD-2026-5551

In Quick.Cart, user passwords are stored in plaintext. An attacker with high privileges can display users' passwords on the user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7...

CVSS 6.9, AI score 5.4, EPSS 0.00075
Exploits: 0, References: 2
NVD
added 2025/12/18 3:15 p.m., 3 views

CVE-2025-65009

In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), the admin password is stored in a configuration file as plaintext and can be obtained by an unauthorized user through direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

CVSS 7.1, EPSS 0.00022
Exploits: 0, References: 3
Positive Technologies
added 2025/12/02 12:0 a.m., 2 views

PT-2025-48666

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6, AI score 8.3, EPSS 0.00032
Exploits: 0, References: 2
EUVD
added 2025/11/18 1:26 p.m., 1 views

EUVD-2025-197998

Windu CMS is vulnerable to Cross-Site Request Forgery in its file uploading functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send a malicious file to the server. The vendor was notified early about this vulnerability, but didn't respond...

CVSS 6.8, AI score 6.4, EPSS 0.00024
Exploits: 0, References: 3
Cvelist
added 2025/10/23 1:39 p.m., 6 views

CVE-2025-53701 XSS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks because parameters in GET requests sent to the /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged-in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVSS 4.8, EPSS 0.00025
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-25716

Malicious code in bioql PyPI...

CVSS 5.5, AI score 4.1, EPSS 0.00038
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-25275

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.3, EPSS 0.00048
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-25274

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00075
Exploits: 0, References: 2
Vulnrichment
added 2025/08/25 2:2 a.m., 2 views

CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...

CVSS 4.8, AI score 3.8, EPSS 0.00038
Exploits: 1, References: 5
NVD
added 2025/08/20 1:15 p.m., 5 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in its article creation functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

CVSS 5.1, EPSS 0.00028
Exploits: 0, References: 2
CVE
added 2025/08/20 12:53 p.m., 16 views

CVE-2025-54175

QuickCMS.EXT is affected by a Reflected XSS in the sFileName parameter of the thumbnail viewer. The issue allows arbitrary JavaScript execution via a crafted URL. Only version 6.8 has been tested and confirmed vulnerable; other versions may also be affected. The vendor was notified but did not pr...

CVSS 6.1, AI score 6.3, EPSS 0.00075
Exploits: 0, References: 2, Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 16 views

telcondex simplewebserver 2.13.31027 build 3289 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8998/info It has been reported that SimpleWebserver may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 31 views

Novell GroupWise 6.5.3 Client Local Integer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14952/info Novell GroupWise Client is prone to a local integer overflow vulnerability. The attacker may leverage this issue to corrupt process memory, which may lead to a crash or arbitrary code execution. A complete...

AI score 7.1
Exploits: 0
exploitpack
added 2012/01/05 12:0 a.m., 11 views

HServer 0.1.1 - Directory Traversal

HServer 0.1.1 - Directory Traversal source: https://www.securityfocus.com/bid/51286/info HServer web server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface. Exploiting this issue will allow an attacker to...

AI score 0.3
Exploits: 0
exploitpack
added 2009/04/17 12:0 a.m., 12 views

WebGlimpse 2.18.7 - DOC Directory Traversal

WebGlimpse 2.18.7 - DOC Directory Traversal source: https://www.securityfocus.com/bid/52651/info WebGlimpse is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal...

AI score 7.4
Exploits: 0
RedHat Linux
added 2007/03/14 12:47 a.m., 1 views

security flaw

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006...

CVSS 10, AI score 6.2, EPSS 0.0389
Exploits: 0, References: 4
Exploit DB
added 2006/04/29 12:0 a.m., 18 views

W-Agora 4.2 - BBCode Script Injection

source: https://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. W-Agora can be configured to send all user...

AI score 7.4
Exploits: 0