83 matches found
EUVD-2022-48375
Malicious code in bioql PyPI...
EUVD-2025-6627
Malicious code in bioql PyPI...
EUVD-2022-52538
Malicious code in bioql PyPI...
EUVD-2022-1127
Malicious code in bioql PyPI...
EUVD-2023-38626
Malicious code in bioql PyPI...
EUVD-2023-0342
Malicious code in bioql PyPI...
EUVD-2023-47869
Malicious code in bioql PyPI...
PT-2025-34595 · Mitsubishi · Melsec Iq-F Series Cpu Module
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module affected versions not specified Description: An improper handling of a length parameter inconsistency exists in the web server function of the product. This allows a remote,...
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Summary [email protected] is vulnerable to an Arbitrary temporary file / directory write via symbolic link dir parameter. Details According to the documentation there are some conditions that must be held: // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1L41-L50 Other breaking changes,...
CVE-2025-43856 immich allows account hijacking through oauth2
immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow...
CVE-2025-53515
Advantech iView is affected by CVE-2025-53515. The vulnerability exists in NetworkServlet.archiveTrap() and enables SQL injection with remote code execution. An authenticated attacker with at least user-level privileges can exploit insufficient input sanitization to perform SQL injection and pote...
Dromara MaxKey 代码问题漏洞
Dromara MaxKey is an IAM-IDaas identity management and authentication product from Dromara open source. A code issue vulnerability exists in Dromara MaxKey version 4.1.7 and earlier, which stems from a misbehavior of the parameter post, leading to server-side request forgery...
CVE-2025-5673
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
mccms 代码问题漏洞
mccms Man City CMS is a rapid website building system for individual developers of China Smokey River South chshcms. A code issue vulnerability exists in version 2.7 of mccms, which stems from improper handling of the pic parameter in the file sys/apps/controllers/api/Gf.php, which may lead to...
CVE-2023-41559
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42multi, and Tenda AC5 V1.0RTLV15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2022-46934
kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...
CVE-2022-25396
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter...
CVE-2022-32404
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageinmate.php:3...
CVE-2022-45509
Tenda W30E V1.0.1.25633 was discovered to contain a stack overflow via the account parameter at /goform/addUserName...