WindMill 路径遍历漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

CVE-2025-15202

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been...

EUVD-2025-30374

Malicious code in bioql PyPI...

CVE-2025-10764

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

CVE-2025-10764

CVE-2025-10764 affects SeriaWei ZKEACMS up to 4.3, specifically the Edit function in Event Action System at src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs. The vulnerability stems from manipulation of the Data argument, enabling server-side request forgery (SSRF) from remote attacke...

CVE-2025-10764 SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

ZKEACMS 代码问题漏洞

ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A code issue vulnerability exists in ZKEACMS 4.3 and earlier versions, which stems from incorrect manipulation of the parameter Data in the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.c...

PT-2025-38659

Name of the Vulnerable Software and Affected Versions SeriaWei ZKEACMS versions prior to 4.4 Description A vulnerability exists in SeriaWei ZKEACMS up to version 4.3. The issue affects the Edit function within the src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs file of the Event Acti...

CVE-2025-26428

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

Taokeyun SQL Injection Vulnerability

Taokeyun is a shopping mall system by jifeer personal developer. A SQL injection vulnerability exists in Taokeyun version 1.0.5 and earlier versions, which originates from a SQL injection vulnerability in the cid parameter of the index function in the application/index/controller/app/Task.php fil...

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

Veritas Enterprise Vault EVTaskGuardian Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is not required to exploit this vulnerability. The specific flaw exists within EVTaskGuardian.exe. The issue results from the lack of proper validation of...