34 matches found
EUVD-2025-30873
Malicious code in bioql PyPI...
EUVD-2025-29106
Malicious code in bioql PyPI...
CVE-2025-11096
The CVE-2025-11096 entry concerns D-Link DIR-823X (version 250416) and a command-injection flaw in the /goform/diag_traceroute handler. The root cause is manipulation of the target_addr argument, enabling remote code execution. The vulnerability is reported as exploitable remotely and an exploit ...
CVE-2025-10590
A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educarusuariodet.php. The manipulation of the argument refpessoa results in cross site scripting. The attack can be executed remotely. The exploit has been...
CVE-2025-9387
CVE-2025-9387 concerns DCN DCME-720 v9.1.5.11. The vulnerability is in the Web Management Backend, specifically the file /usr/local/www/function/audit/newstatistics/ip_block.php, where manipulating the ip argument leads to an OS command injection. This can be exploited remotely; the exploit has b...
CVE-2024-10349
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function deletetenant of the file /ajax.php?action=deletetenant. The manipulation of the argument id leads to sql injection. The attack may be launched...
CVE-2025-1959
A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /changespwd.php. The manipulation of the argument loginid/loginkey leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-6374 lahirudanushka School Management System Subject Page subject.php cross site scripting
A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site...
UBUNTU-CVE-2023-1350
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
SUSE CVE-2017-12456
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file...
CVE-2022-4250 Movie Ticket Booking System booking.php cross site scripting
A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has...
Graphviz Null Pointer Dereference Vulnerability
Graphviz Graph Visualization Software is a suite of open source drawing tools developed by AT&T Labs in the United States for drawing graphics described by DOT language scripts. A security vulnerability exists in the 'rebuild_vlists' function in the lib/dotgen/conc.c file of the dotgen library in...
radare2 denial of service vulnerability (CNVD-2018-12206)
Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the string_scan_range function in radare2 2.5.0. A remote attacker ca...
GO4I.NET ASP Forum 1.0 - SQL Injection
GO4I.NET ASP Forum 1.0 - SQL Injection Bl@ckbe@rD 'Tunisian TerrorisT' + Script Name : Asp Forum v1.0 Rem0te SQL Injection EXploit + Author : Bl@ckbe@rD 'Tunisian TerrorisT' + Contact :...