24 matches found
CVE-2026-22800 PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs ...
EUVD-2025-36381
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-50481 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-50481 Source advisory: OSV:GHSA-269J-37WW-CMH3...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-6050 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-6050 Source advisory: OSV:GHSA-7PR5-W74R-JJJ7...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-29573 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-29573 Source advisory: SNYK:PYTHON-MEZZANINE-10074181...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-29573 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-29573 Source advisory: OSV:GHSA-2544-HPCQ-6G27...
cartridge-braintree (>=1.2.1 <=1.2.2), django-clubhouse (>=0.0.1 <=0.2.19) +1 more potentially affected by CVE-2025-29573 via mezzanine (>=4.1.0 <=4.3.1)
mezzanine PYPI version =4.1.0, =1.2.1, =0.0.1, =0.1.0b1, =1.7.1 Source cves: CVE-2025-29573 Source advisory: OSV:PYSEC-2025-136...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2024-25170 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2024-25170 Source advisory: OSV:GHSA-22CC-W7XM-RFHX...
SQL Injection
oliverklee/seminars is vulnerable to SQL injection. Lack of sufficient sanitisation of input query to EventBagBuilder::limitToOrganizers and EventBagBuilder::limitToCategories allows an attacker to inject malicious SQL query...
CVE-2022-29601
The CVE-2022-29601 entry applies to TYPO3’s Seminar Manager extension (aka seminars) up to version 4.1.3, which is vulnerable to SQL Injection. The vulnerability stems from inadequate sanitization/cleaning of user-supplied data, enabling an attacker to construct requests that execute arbitrary SQ...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2020-19002 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2020-19002 Source advisory: OSV:GHSA-FPV7-HX6R-9VCX...
seminars.econ.ubc.ca XSS vulnerability
Open Bug Bounty ID: OBB-331256. Affected Website: seminars.econ.ubc.ca; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Nigerian scams without the Nigerians
Users in English speaking countries are quite familiar with the Nigerian scam: an important guy in Nigeria needs your help getting his money out of the country and if you assist with some transaction fees, a chunk of his fortune could be yours. But what about non-English speaking countries? What...
sign-up.aviationseminars.com XSS vulnerability
Vulnerable URL: https://sign-up.aviationseminars.com/frifrsemsignup.php?fr=" Details: Patched: No; Latest check for patch: 28.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website status: No; Check...
XOOPS 'seminars' Module - 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27891/info The XOOPS 'seminars' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker...
PHP-Nuke 'Seminars' Module - 'fileName' Parameter Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28089/info The PHP-Nuke 'Seminars' module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files...
Cross-site scripting vulnerability in extension Seminars (seminars)
It has been discovered that the extension "Seminars" (seminars) is vulnerable to cross-site scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.3 and below. Vulnerability Type: Cross-site scripting. Severity:...
Online seminars, sources.
In this thread we collect information about resources that hold online conferences on our subject. At the moment these are: Webinars: from Positive Technologies, from Neuron hackspace. Presentations: You can also listen to the radio from Eset:...
PHP-Nuke Seminars Module - Filename Local File Inclusion
PHP-Nuke Seminars Module - Filename Local File Inclusion source: https://www.securityfocus.com/bid/28089/info The PHP-Nuke 'Seminars' module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized...
PHP-Nuke 'Seminars' Module - 'Filename' Local File Inclusion
source: https://www.securityfocus.com/bid/28089/info The PHP-Nuke 'Seminars' module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the...