Lucene search

44 matches found

NVD
added last week · 8 views

CVE-2026-53873

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary...

9.8 CVSS · 0.0046 EPSS
Exploits 0 · References 2

EUVD
added 2026/06/17 3:5 p.m. · 7 views

EUVD-2026-37739

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary...

9.8 CVSS · 6.3 AI score · 0.0046 EPSS
Exploits 0 · References 2

CVE
added 2026/06/17 3:5 p.m. · 7 views

CVE-2026-53873

The CVE-2026-53873 vulnerability affects picklescan prior to 1.0.4, where an incomplete blocklist for the profile module fails to block module-level profile.run(), enabling arbitrary code execution via exec() through crafted pickle files. Attackers can craft malicious pickles calling profile.run(...

9.8 CVSS · 6.3 AI score · 0.0046 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/04/29 12:0 a.m. · 8 views

PT-2026-37144

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9 Description: A logic error in the two-factor authentication (2FA) reset process inverts the authorization check. This allows non-admin users to remove the Time-based One-Time Password (TOTP) configuration of other...

7.1 CVSS · 5.8 AI score · 0.00297 EPSS
Exploits 0 · References 5

RedhatCVE
added 2026/01/30 9:23 p.m. · 4 views

CVE-2026-1598

A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Information Module. Performing a manipulation of the argument fullname results in cross site scripting. It i...

5.4 CVSS · 4.3 AI score · 0.00206 EPSS
Exploits 1 · References 1

CVE
added 2026/01/10 1:35 a.m. · 12 views

CVE-2026-22607

Summary (CVE-2026-22607 – Fickling) Fickling (Python pickling decompiler/static analyzer) versions up to and including 0.1.6 fail to treat the Python module cProfile as unsafe. This causes a malicious pickle using cProfile.run() to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS, potent...

9.3 CVSS · 6.8 AI score · 0.0044 EPSS
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2026/01/10 1:35 a.m. · 2 views

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on...

9.3 CVSS · 6.8 AI score · 0.0044 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-38262

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00437 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-24431

Malicious code in bioql PyPI...

5.4 CVSS · 5.8 AI score · 0.00921 EPSS
Exploits 1 · References 3

Cvelist
added 2025/09/17 3:32 p.m. · 7 views

CVE-2025-10597 kidaze CourseSelectionSystem COUNT2.php sql injection

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injection. The attack may be initiated remotely...

7.5 CVSS · 0.00444 EPSS
Exploits 1 · References 4

RedhatCVE
added 2025/05/23 3:55 a.m. · 22 views

CVE-2023-34162

Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...

7.5 CVSS · 6.8 AI score · 0.00437 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:13 p.m. · 6 views

CVE-2022-1087

A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

5.4 CVSS · 6.3 AI score · 0.00921 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 9:59 p.m. · 7 views

CVE-2022-44389

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information...

6.5 CVSS · 7.4 AI score · 0.00224 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 2:13 a.m. · 19 views

CVE-2015-8232

The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors...

4.3 CVSS · 6.6 AI score · 0.01087 EPSS
Exploits 0 · References 1

CNNVD
added 2023/07/06 12:0 a.m. · 3 views

SAMSUNG Mobile device input validation error vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile device SMR Jul-2023 Release 1 version, which stems from an incorrect input validation vulnerability ...

8.5 CVSS · 7.3 AI score · 0.00167 EPSS
Exploits 0 · References 2

OSV
added 2023/06/19 5:15 p.m. · 3 views

CVE-2023-34162

Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...

7.5 CVSS · 5.8 AI score · 0.00437 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/06/19 5:15 p.m. · 2 views

CVE-2023-34162

Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...

7.5 CVSS · 7.1 AI score · 0.00437 EPSS
Exploits 0 · References 2 · Affected Software 2

NVD
added 2023/06/19 5:15 p.m. · 43 views

CVE-2023-34162

Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...

7.5 CVSS · 7.5 AI score · 0.00437 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/06/19 12:0 a.m. · 3 views

PT-2023-24701 · Huawei · Hms Core

Name of the Vulnerable Software and Affected Versions: HMS Core affected versions not specified Description: The issue is related to a version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and lead ...

7.5 CVSS · 6.8 AI score · 0.00437 EPSS
Exploits 0 · References 5

Vulnrichment
added 2023/06/19 12:0 a.m. · 10 views

CVE-2023-34162

Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...

6.8 AI score · 0.00437 EPSS
Exploits 0 · References 1