2406 matches found
EUVD-2025-26141
Malicious code in bioql PyPI...
EUVD-2025-20413
Malicious code in bioql PyPI...
EUVD-2025-18768
Malicious code in bioql PyPI...
EUVD-2022-42621
Malicious code in bioql PyPI...
EUVD-2025-9777
Malicious code in bioql PyPI...
EUVD-2025-4220
Malicious code in bioql PyPI...
EUVD-2024-51758
Malicious code in bioql PyPI...
EUVD-2025-19219
Malicious code in bioql PyPI...
EUVD-2025-27461
Malicious code in bioql PyPI...
CVE-2025-11018
A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to path traversal. It is possible to launch...
WordPress Photospace Responsive plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Photospace Responsive versions <= 2.2.0...
CVE-2025-10961
A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component DeleteMaclist Page. Executing manipulation of the argument deletelist can lead to command injection. The vendor was contacted early about this...
PT-2025-39472
Name of the Vulnerable Software and Affected Versions: roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40. Description: An issue exists in roncoo-pay where manipulation of an unknown function within the /user/info/lookupList file can lead to improper authorization. This issue can ...
CVE-2025-10978
JeecgBoot up to 3.8.2 is affected. The vulnerability lies in the Filter Handler’s /sys/user/exportXls function, where improper authorization can be triggered remotely. Reports across multiple feeds state the exploit has been released publicly, with the vendor reportedly non-responsive. Affected v...
CVE-2025-10962
CVE-2025-10962 affects Wavlink NU516U1 M16U1_V240425. The flaw occurs in the SetName Page, function sub_403198, where manipulation of the mac_5g argument in /cgi-bin/wireless.cgi enables remote command injection. A public exploit is available, and the vendor was contacted without response. CVSS...
PT-2025-38647
Name of the Vulnerable Software and Affected Versions: htmly versions up to 3.1.0. Description: A security issue has been identified in htmly. Manipulation of the label argument in an unknown function within the file /htmly/admin/field/post of the Custom Field Handler component can lead to cross-sit...
CVE-2025-10716 Creality Cloud App com.cxsw.sdprinter AndroidManifest.xml improper export of android application components
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application components. It is possible ...
PT-2025-38530
Name of the Vulnerable Software and Affected Versions: 07FLYCMS, 07FLY-CMS, and 07FlyCRM versions up to 20250831. Description: A cross-site scripting issue exists in 07FLYCMS, 07FLY-CMS, and 07FlyCRM. The vulnerability is located in the /index.php/sysmanage/Login file, where manipulation of the Name...
CVE-2025-10687
A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...
PT-2025-38472
Name of the Vulnerable Software and Affected Versions: SourceCodester Responsive E-Learning System version 1.0. Description: A SQL injection issue exists in SourceCodester Responsive E-Learning System 1.0. The Username parameter in the /admin/add teacher.php file is susceptible to manipulation,...