13 matches found
EUVD-2021-30372
Malicious code in bioql PyPI...
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)
Description: A critical path traversal vulnerability (CWE-22) has been identified in the reviewpaper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. Impact...
CVE-2025-55149 Path Traversal Vulnerability in PDF Review Function (CWE-22)
Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the reviewpaper function in backend/app.py. The...
CVE-2025-55149 Path Traversal Vulnerability in PDF Review Function (CWE-22)
Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the reviewpaper function in backend/app.py. The...
CVE-2024-1044
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitreview' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with...
PT-2024-38632 · WordPress · Wp Hotel Booking
Name of the Vulnerable Software and Affected Versions: WP Hotel Booking plugin for WordPress versions up to, and including, 2.1.2 Description: The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update review function. This...
PT-2024-17945 · Woomotiv · Live Sales Notification For Woocommerce – Woomotiv
Name of the Vulnerable Software and Affected Versions: Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax cancel revie...
Insecure direct object references in "review" function
Description: Insecure direct object references in the review-a-book function allow one user to create a comment on behalf of another. Proof of Concept: POST /post/review HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=bYsdqkQkkbYXZYRVd8AynhYxG1rBb2AoOfAO76XCYmgzXK3A266EpZamGcKL0pN5;...
CVE-2021-43439
RCE in Add Review Function in iResturant 1.0 allows a remote attacker to execute commands remotely...
CVE-2021-43439
RCE in Add Review Function in iResturant 1.0 allows a remote attacker to execute commands remotely...
Command injection
RCE in Add Review Function in iResturant 1.0 allows a remote attacker to execute commands remotely...
CVE-2021-43439
CVE-2021-43439 : RCE in the Add Review Function of iResturant 1.0 allows a remote attacker to execute commands. The NVD entry lists CVSSv3.1 base score 9.8 (CRITICAL) with network access, no user interaction, and high confidentiality/integrity/availability impact. Connected documents provide cont...
CVE-2021-43439
RCE in Add Review Function in iResturant 1.0 allows a remote attacker to execute commands remotely...