151 matches found
EUVD-2025-1989
Malicious code in bioql PyPI...
EUVD-2023-40258
Malicious code in bioql PyPI...
EUVD-2025-18485
Malicious code in bioql PyPI...
EUVD-2025-2030
Malicious code in bioql PyPI...
EUVD-2025-30370
Malicious code in bioql PyPI...
EUVD-2023-40212
Malicious code in bioql PyPI...
EUVD-2025-4660
Malicious code in bioql PyPI...
CVE-2025-10759
A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The exploit is now public and may be used. The...
CVE-2025-10759
A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The exploit is now public and may be used. The...
CVE-2025-10759
A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The exploit is now public and may be used. The...
CVE-2025-10759
Webkul QloApps up to 1.7.0 is affected by a CSRF Token Handler vulnerability. Manipulating the token argument can bypass authorization, potentially enabling remote abuse. The exploit is public. Vendor states a fix will be implemented in the next major release; no specific patched version is provi...
CVE-2025-10759 Webkul QloApps CSRF Token authorization
A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The exploit is now public and may be used. The...
CVE-2025-10759 Webkul QloApps CSRF Token authorization
A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The exploit is now public and may be used. The...
PT-2025-38648
Name of the Vulnerable Software and Affected Versions Webkul QloApps versions up to 1.7.0 Description A flaw exists in Webkul QloApps related to the CSRF Token Handler component. Manipulation of the token argument can lead to authorization bypass, potentially allowing remote attackers to compromi...
Webkul QloApps 安全漏洞
Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.7.0 and earlier, which stems from the incorrect manipulation of the parameter token in the CSRF Token Handler component, which could lead to authorization bypass...
CVE-2025-6173
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has be...
CVE-2025-6173
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has be...
CVE-2025-6173
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has be...
CVE-2025-6173 Webkul QloApps ajax_products_list.php sql injection
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has be...
CVE-2025-6173 Webkul QloApps ajax_products_list.php sql injection
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has be...