EUVD-2025-31713
Malicious code in bioql PyPI...
CVE-2025-8119
PAD CMS is vulnerable to Cross-Site Request Forgery in the password reset functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send a POST request changing the currently logged-in user's password to a value defined by the attacker. This issue...
CVE-2025-8120
Due to a client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue affects all 3 templates: www, b...
CVE-2025-7065
Due to a client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue affects all 3 templates: www,...
CVE-2025-8121
CVE-2025-8121 describes an input neutralization flaw that enables Blind SQL Injection in article positioning across templates www, bip, and ww+bip. The affected product is End-Of-Life, and no patches will be published by the vendor. The description does not provide concrete exploit vectors beyond...
CVE-2025-8119 Cross-Site Request Forgery in PAD CMS
PAD CMS is vulnerable to Cross-Site Request Forgery in the password reset functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send a POST request changing the currently logged-in user's password to a value defined by the attacker. This issue...