18 matches found
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
EUVD-2025-25819
Malicious code in bioql PyPI...
CVE-2025-9444
The CVE concerns 1000projects Online Project Report Submission and Evaluation System 1.0. A SQL injection vulnerability exists in the file /admin/controller/delete_group_student.php, triggered by manipulating the batch_id parameter. This remote attack surface could lead to unauthorized data expos...
CVE-2025-9444 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection
A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/deletegroupstudent.php. The manipulation of the argument batchid leads to sql injection. The attack can be initiated...
CVE-2025-9440
A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/addtitle.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2025-9440 1000projects Online Project Report Submission and Evaluation System add_title.php cross site scripting
A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/addtitle.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2025-9434 1000projects Online Project Report Submission and Evaluation System edit_title.php cross site scripting
A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...
CVE-2025-9434
The CVE-2025-9434 issue affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting vulnerability exists in the file path /admin/edit_title.php?id=1 when the desc parameter is manipulated. The vulnerability can be exploited remotely, and public disclosu...
PT-2025-34726 · Unknown · 1000Projects Online Project Report Submission/Evaluation System
Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A cross site scripting issue exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. Manipulation of the desc...
PT-2025-34728 · Unknown · 1000Projects Online Project Report Submission/Evaluation System
Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security flaw exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. The manipulation of the address argument i...
1000 Projects Online Project Report Submission and Evaluation System Security Vulnerability
1000 Projects Online Project Report Submission and Evaluation System is a 1000 Projects open source online project report submission and evaluation system . 1000 Projects Online Project Report Submission and Evaluation System version 1.0 has a security vulnerability , the vulnerability stems from...
1000 Projects Online Project Report Submission and Evaluation System Security Vulnerability
1000 Projects Online Project Report Submission and Evaluation System is a 1000 Projects open source online project report submission and evaluation system . 1000 Projects Online Project Report Submission and Evaluation System version 1.0 has a security vulnerability , the vulnerability stems from...
Remote code execution
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...
Schneider Electric IGSS Data Server 访问控制错误漏洞
The Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric, France. An Access Control Error vulnerability exists in Schneider Electric IGSS Data Server versions prior to 15.0.0.22140, which stems from the application's lack of...
PT-2022-3203 · Unknown · Igss Data Server
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions prior to V15.0.0.22170 Description: The issue is related to a missing authentication procedure for critical functions in the IGSS Data Server, part of the Interactive Graphical SCADA System. This could allow a remote...
CVE-2021-42651
A Server Side Template Injection SSTI vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/...
SAP ERP and SAP S/4 HANA Authorization Issues Vulnerability (CNVD-2021-03707)
SAP S/4 HANA and SAP ERP are both products of SAP, an intelligent, integrated ERP software for large organizations.SAP ERP is a family of software for ERP management. An authorization issue vulnerability exists in SAP ERP and SAP S/4 HANA that allows an authenticated attacker to view the cost...
Important: Red Hat Security Advisory: qemu-kvm security update
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...