6 matches found
EUVD-2025-6758
Malicious code in bioql PyPI...
CVE-2025-0822
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
Timing Attack
Cryptography is vulnerable to a Timing Attack. This vulnerability is due to the predictable structure of padding in ciphertexts during RSA encryption. This flaw enables an attacker to distinguish between different types of padding errors, potentially leading to the decryption of captured messages...
Shijiazhuang Jiufan Network Technology Co., Ltd. website building system has an SQL injection vulnerability
Shijiazhuang Jiufan Network Technology Co., Ltd. is a company focusing on website construction, website optimization and other business. The Shijiazhuang Jiufan Network Technology Co., Ltd. website building system has an SQL injection vulnerability. Attackers can use the vulnerability to obtain serve...
Sensitive File Disclosure (HTTP)
The script attempts to identify files containing sensitive data at the remote web server. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa...