14 matches found
EUVD-2025-7818
Malicious code in bioql PyPI...
EUVD-2025-7685
Malicious code in bioql PyPI...
CVE-2025-25908
A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-25907
tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-25907
tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-25908
A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-25908
A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-27910
CVE-2025-27910 concerns tianti v2.3, which contains a CSRF in the /user/ajax/upd/status handler. The advisory states that an attacker can trigger arbitrary operations by crafting a GET or POST request, with a CVSSv3.1 base score of 8.0 (HIGH) and an attack that is network-based, requires low priv...
CVE-2025-25907
CVE-2025-25907 affects the tianti CMS, version 2.3. The issue is a Cross-Site Request Forgery (CSRF) in the component /user/ajax/save that allows an attacker to cause arbitrary operations via a crafted GET or POST request. The primary consequence is unauthorized actions performed with the user’s ...