27 matches found
EUVD-2025-16749
Malicious code in bioql PyPI...
EUVD-2025-16748
Malicious code in bioql PyPI...
EUVD-2025-16747
Malicious code in bioql PyPI...
CVE-2025-43923
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation...
CVE-2025-43925
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
CVE-2025-43923
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation...
CVE-2025-43923
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation...
CVE-2025-43925
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...
CVE-2025-43925
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
CVE-2025-43923
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation...
CVE-2025-43925
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...
CVE-2025-43923
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation...
PT-2025-23623 · Unicom · Unicom Focal Point
Name of the Vulnerable Software and Affected Versions: Unicom Focal Point version 7.6.1 Description: An issue was discovered where the database is encrypted with a hardcoded key, making it easier to recover the cleartext data. Recommendations: For Unicom Focal Point version 7.6.1, consider changi...
PT-2025-23622 · Unicom · Unicom Focal Point
Name of the Vulnerable Software and Affected Versions: Unicom Focal Point version 7.6.1 Description: A Cross Site Scripting issue was found. The val parameter in SettingController for the "/fp/admin/settings/loginpage" endpoint and the rootserviceurl parameter in FriendsController for the...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
CVE-2025-43923
CVE-2025-43923 affects Unicom Focal Point 7.6.1 in the ReportController. The issue allows a user with administrative privileges to perform a SQL injection via the image parameter during a delete report image operation. The CVSS metrics indicate a network-accessible issue with low confidentiality ...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...