377 matches found
CVE-2024-12125
The CVE-2024-12125 affects the 3scale Developer Portal. The flaw allows account creation or updates where fields configured as read-only or hidden can be modified, exposing restricted information. Root cause: server-side validation does not enforce read-only/hidden constraints on account operatio...
foreman: OS command injection via ct_location and fcct_location parameters
A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...
CVE-2025-10622
A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...
CVE-2025-10622 Foreman: os command injection via ct_location and fcct_location parameters
A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...
CVE-2025-10622 Foreman: os command injection via ct_location and fcct_location parameters
A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...
CVE-2025-11890
The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...
Red Hat Satellite 安全漏洞
Red Hat Satellite is a suite of system management platforms from Red Hat, an American company. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satelli...
XiaozhangBang Voluntary Like System 安全漏洞
XiaozhangBang Voluntary Like System is a software program from XiaozhangBang, a Chinese company. A security vulnerability exists in XiaozhangBang Voluntary Like System version V8.8, which stems from insufficient server-side validation of the parameters zhekou and zid in the file /topfirst.php,...
PT-2025-45091
Name of the Vulnerable Software and Affected Versions Red Hat Satellite Foreman component affected versions not specified Description A flaw exists in Red Hat Satellite’s Foreman component that could allow an authenticated user with edit settings permissions to execute arbitrary commands on the...
PT-2025-45162
Name of the Vulnerable Software and Affected Versions XiaozhangBang Voluntary Like System version 8.8 Description A flaw exists in the XiaozhangBang Voluntary Like System version 8.8 that allows remote attackers to manipulate the zhekou parameter within the /topfirst.php Pay module. By sending a...
PT-2025-44808
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker versions 2.27.1 and below Description Mantis Bug Tracker is an open source issue tracker. A lack of server-side validation of note length allows attackers to permanently corrupt issue activity logs by submitting extremely lo...
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters. Once such a note is added: Impact - The entire activity stream becomes unviewable UI fails to render. - New...
PT-2025-41488
Name of the Vulnerable Software and Affected Versions Perfex CRM versions prior to 3.3.1 Description The authentication process in Perfex CRM has a flaw where server-side validation is inadequate. This allows attackers to bypass normal login procedures by submitting empty values for the username...
EUVD-2006-3908
Malware in sbrugna...
EUVD-2019-7109
Malware in sbrugna...
EUVD-2020-3191
Malware in sbrugna...
EUVD-2023-36212
Malicious code in bioql PyPI...
EUVD-2025-26118
Malicious code in bioql PyPI...
EUVD-2025-7671
Malicious code in bioql PyPI...
EUVD-2024-18191
Malicious code in bioql PyPI...