Lucene search

41 matches found

ATTACKERKB
added 2026/03/10 2:52 p.m., 2 views

CVE-2026-3862

Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...

CVSS 4.6, AI score 5.8, EPSS 0.00036
Exploits 0, References 2, Affected Software 1

CNVD
added 2025/10/23 12:00 a.m., 3 views

ChurchCRM Deserialization Vulnerability

ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions contain a deserialization vulnerability that stems from the parameters DBPASSWORD/ROOTPATH/URL in the file setup/routes/setup.php when receiving user-submitted serialized...

CVSS 8.1, AI score 7.6, EPSS 0.00124
Exploits 1, References 1

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2021-28622

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.01134
Exploits 1, References 2

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-3773

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.1, EPSS 0.00497
Exploits 0, References 8

CNVD
added 2025/07/21 12:00 a.m., 2 views

GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23578)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from insecure deserialization of referencewebui.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8, AI score 7.8, EPSS 0.00656
Exploits 1, References 1

CNVD
added 2025/07/21 12:00 a.m., 1 view

GPT-SoVITS-WebUI Code Issue Vulnerability

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from unsafe deserialization handling of the AudioPreDeEcho class when receiving serialized data submitted by the user, which can be exploited by an attacker to execute arbitrary commands on...

CVSS 9.8, AI score 7.8, EPSS 0.0072
Exploits 1, References 1

CNNVD
added 2025/07/15 12:00 a.m., 2 views

GPT-SoVITS-WebUI Code Issue Vulnerability

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from unsafe deserialization handling of the AudioPre class when receiving user-submitted serialized data, and can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8, AI score 7.5, EPSS 0.0072
Exploits 1, References 6

CNNVD
added 2025/07/15 12:00 a.m., 2 views

GPT-SoVITS-WebUI Code Issue Vulnerability

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from insecure deserialization of referencewebui.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8, AI score 7.5, EPSS 0.00656
Exploits 1, References 5

CNNVD
added 2025/06/06 12:00 a.m., 2 views

Apache InLong Code Issue Vulnerability

Apache InLong is a one-stop massive data integration framework from the Apache Foundation (U.S.). It provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.13.0 to 2.1.0. The vulnerability stems from unsafe...

CVSS 9.8, AI score 7, EPSS 0.00496
Exploits 0, References 3

RedhatCVE
added 2025/05/22 9:21 p.m., 2 views

CVE-2021-41608

A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1...

CVSS 7.5, AI score 6.8, EPSS 0.01134
Exploits 1

OSV
added 2024/09/17 3:31 p.m., 7 views

GHSA-Q25C-R482-77P9 powermail TYPO3 extension has Insecure Direct Object Reference

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

CVSS 6.9, AI score 7.5, EPSS 0.00536
Exploits 0, References 8

Github Security Blog
added 2024/09/17 3:31 p.m., 16 views

powermail TYPO3 extension has Insecure Direct Object Reference

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

CVSS 7.5, AI score 6.9, EPSS 0.00536
Exploits 0, References 8, Affected Software 1

Snyk
added 2024/09/17 1:55 p.m., 1 view

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass due to the improper validation of the mail parameter in the createAction process. An unauthenticated attacker can display user-submitted data of all forms persisted by the extension. Note: This vulnerability can onl...

CVSS 7.5, AI score 6.9, EPSS 0.00536
Exploits 0, References 2

Veracode
added 2024/08/30 7:37 a.m., 16 views

Insecure Direct Object Reference (IDOR)

in2code/powermail is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient validation of the mail parameter in the confirmationAction of the Powermail extension, allowing an unauthenticated attacker to display user-submitted data of all forms persisted by t...

CVSS 7.3, AI score 7.1, EPSS 0.0022
Exploits 0, References 7, Affected Software 1

Github Security Blog
added 2024/08/29 5:59 p.m., 15 views

"powermail" (powermail) Insecure Direct Object Reference (IDOR)

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

CVSS 7.3, AI score 6.9, EPSS 0.0022
Exploits 0, References 8, Affected Software 1

Cvelist
added 2024/08/28 12:00 a.m., 11 views

CVE-2024-45232

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

EPSS 0.0022
Exploits 0, References 1

CNVD
added 2024/04/10 12:00 a.m., 32 views

EyouCMS Deserialization Vulnerability

EyouCMS (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability that stems from unsafe deserialization of the channelid parameter of the file /login.php when receiving user-submitted serialized data...

CVSS 8.8, AI score 7.3, EPSS 0.00072
Exploits 0, References 1

CNVD
added 2023/12/11 12:00 a.m., 9 views

D-Link DIR-846 Deserialization Vulnerability

The D-Link DIR-846 is a wireless router from China's AUO D-Link. The D-Link DIR-846 suffers from a deserialization vulnerability that originates from the unsafe deserialization of the parameters smartqosexpressdevices/smartqosnormaldevices of the file /HNAP1/ in the receipt of user-submitted...

CVSS 9, AI score 7.2, EPSS 0.00249
Exploits 1, References 1

CNVD
added 2022/07/01 12:00 a.m., 29 views

ThinkPHP deserialization vulnerability

ThinkPHP is a PHP-based, open-source, lightweight web application development framework from China Top Thinking Information Technology. ThinkPHP v6.0.12 has a deserialization vulnerability, which originates from the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.ph...

CVSS 9.8, AI score 3.4, EPSS 0.20613
Exploits 1, References 1

Cvelist
added 2022/01/28 6:02 p.m., 10 views

CVE-2021-41608

A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1...

AI score 7.6, EPSS 0.01134
Exploits 1, References 2