21 matches found
EUVD-2026-40955
MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...
EUVD-2026-37884
UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link. Because vendor contact attempts were unsuccessful,...
CVE-2026-54221
UBB.threads is affected by a Reflected XSS vulnerability (CVE-2026-54221). The issue is confirmed in version 7.7.5 and may affect other versions. The vulnerability allows an attacker to execute arbitrary JavaScript in a victim’s browser when the user clicks a crafted link, with user interaction r...
EUVD-2026-37883
uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...
EUVD-2026-5551
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...
CVE-2025-65009
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...
PT-2025-48666
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...
EUVD-2025-197998
Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. The vendor was notified early about this vulnerability, but didn't respond...
CVE-2025-53701 XSS vulnerability in Vilar VS-IPC1002 IP cameras
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS Cross-site Scripting attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...
EUVD-2025-25716
Malicious code in bioql PyPI...
EUVD-2025-25274
Malicious code in bioql PyPI...
EUVD-2025-25275
Malicious code in bioql PyPI...
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jqtest.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...
CVE-2025-54174
QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
CVE-2025-54175
QuickCMS.EXT is affected by a Reflected XSS in the sFileName parameter of the thumbnail viewer. The issue allows arbitrary JavaScript execution via a crafted URL. Only version 6.8 has been tested and confirmed vulnerable; other versions may also be affected. The vendor was notified but did not pr...
telcondex simplewebserver 2.13.31027 build 3289 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8998/info It has been reported that SimpleWebserver may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient...
Novell GroupWise 6.5.3 Client Local Integer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14952/info Novell GroupWise Client is prone to a local integer overflow vulnerability. The attacker may leverage this issue to corrupt process memory, which may lead to a crash or arbitrary code execution. A complete...
HServer 0.1.1 - Directory Traversal
HServer 0.1.1 - Directory Traversal source: https://www.securityfocus.com/bid/51286/info HServer web server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface. Exploiting this issue will allow an attacker to...
WebGlimpse 2.18.7 - DOC Directory Traversal
WebGlimpse 2.18.7 - DOC Directory Traversal source: https://www.securityfocus.com/bid/52651/info WebGlimpse is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal...
security flaw
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006...