6 matches found
EUVD-2021-0756
Malware in sbrugna...
EUVD-2025-11861
Malicious code in bioql PyPI...
CVE-2025-32389
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure...
CVE-2025-32389 NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure...
CVE-2025-32389
CVE-2025-32389 concerns NamelessMC prior to 2.1.4, where an SQL injection could be triggered by the square bracket GET parameter syntax (e.g., ?param[0]=a¶m[1]=b¶m[2]=c). The underlying issue is PHP parsing $_GET['param'] as an array when square-bracket syntax is used, enabling injection ...
Code injection
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the applicatio...