20 matches found
EUVD-2024-33827
Malicious code in bioql PyPI...
EUVD-2025-14252
Malicious code in bioql PyPI...
EUVD-2021-8553
Malicious code in bioql PyPI...
CVE-2025-8538
A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched...
CVE-2025-6105 jflyfox jfinal_cms HOME.java cross-site request forgery
A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...
CVE-2023-7053
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an atta...
CVE-2025-4839
CVE-2025-4839 affects itwanger paicoding versions 1.0.0–1.0.3. Affects CrossUtil.java in the paicoding-core path, enabling a permissive cross-domain policy with untrusted domains. Vectors: remote exploitation with rather high complexity; exploitation described as difficult but publicly disclosed....
CVE-2025-4186
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 2024. Affected is an unknown function of the file /?g=routeispinfoexportsave. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3982 nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/objectnodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of...
CVE-2025-3954
A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack ...
CVE-2025-2967
CVE-2025-2967 has been withdrawn/rejected across multiple catalogs (NVD, CVE List) per the initial and linked records. Connected sources describe a separate ConcreteCMS vulnerability (up to 9.3.9) involving XSS via the Save function in the HTML Block Handler, enabling remote exploitation and with...
CVE-2025-2584
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can ...
CVE-2025-2584
CVE-2025-2584 affects WebAssembly wabt 1.0.36. The vulnerability targets BinaryReaderInterp::GetReturnCallDropKeepCount in wabt/src/interp/binary-reader-interp.cc, enabling a heap-based buffer overflow. It can be triggered remotely; exploitation is deemed high complexity, and user interaction is ...
CVE-2025-2583
The CVE-2025-2583 entry concerns SimpleMachines SMF 2.1.4, with a cross-site scripting flaw in ManageNews.php triggered by manipulating the subject/message argument. Exploitation is described as possible remotely, and public PoCs are referenced, but the real existence of the vulnerability is expl...
CVE-2025-1745 LinZhaoguan pb-cms Logout cross-site request forgery
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. This vulnerability affects unknown code of the component Logout. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
CVE-2024-13085 PHPGurukul Land Record System login.php SQL injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to SQL injection. The attack may be launched remotely. The...
CVE-2024-12893
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross site scripting. The...
CVE-2024-3721
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX . The manipulation of the argument mdb/mdc leads to OS command injection. The attack may be initiated remotel...
CVE-2008-2285
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool...
Netegrity IdentityMinder Web Edition 5.6 - Null Byte Cross-Site Scripting
source: https://www.securityfocus.com/bid/10645/info Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments. It has been...