131 matches found
EUVD-2024-27314
Malicious code in bioql PyPI...
EUVD-2022-41799
Malicious code in bioql PyPI...
EUVD-2024-51561
Malicious code in bioql PyPI...
EUVD-2023-38111
Malicious code in bioql PyPI...
EUVD-2024-47536
Malicious code in bioql PyPI...
EUVD-2023-58232
Malicious code in bioql PyPI...
CVE-2025-7451
The CVE-2025-7451 entry concerns the iSherlock software by Hgiga, where an OS Command Injection vulnerability allows unauthenticated remote attackers to inject and execute arbitrary OS commands on the server. The issue stems from a command-injection root cause enabling full system impact (confide...
CVE-2025-5392 GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdbtalktofront function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for unauthenticated...
ROS-20250630-09
Vulnerability of net/http, x/net/proxy and x/net/http/httpproxy packages of Go programming language is related to incorrect mapping of hosts to proxy server templates. Exploitation of the vulnerability could allow an intruder to affect confidentiality and availability of protected information A...
CVE-2025-3594
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to 1 add files to arbitrary locations on the server and 2 download and...
CVE-2024-34711
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...
PT-2025-22773 · Unknown · Mojoomla Hospital Management System
Name of the Vulnerable Software and Affected Versions: mojoomla Hospital Management System versions 47.020 through 11 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further...
PT-2025-22769 · Unknown · Ajar In5 Embed
Name of the Vulnerable Software and Affected Versions: Ajar in5 Embed versions 3.1.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...
PT-2025-22735 · Unknown · Crossword Compiler
Name of the Vulnerable Software and Affected Versions: Crossword Compiler Puzzles versions 5.2 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and...
CVE-2022-44784
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...
CVE-2021-29448
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details...
CVE-2020-2971
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application...
CVE-2020-10038
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the device's web server might be able to execute administrative commands without authentication...
PT-2025-22102 · Mojoomla · Mojoomla Hospital Management System
Name of the Vulnerable Software and Affected Versions: mojoomla Hospital Management System versions prior to 47.0 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further...
CVE-2025-3200
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems...