3 matches found
EUVD-2025-24089
Malicious code in bioql PyPI...
CVE-2025-8807
CVE-2025-8807 affects xujeff tianti 天梯 (≤2.3). The root cause is missing authorization in the API endpoint /tianti-module-admin/user/ajax/save, enabling remote exploitation. Public disclosure of the exploit is noted; various feeds corroborate the vulnerability across NVD/Red Hat/CNNVD/CIRCL. Ther...
CVE-2025-25908
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...