18 matches found
EUVD-2019-19311
Malware in sbrugna...
EUVD-2020-4983
Malware in sbrugna...
EUVD-2021-20100
Malware in sbrugna...
EUVD-2023-30268
Malicious code in bioql PyPI...
EUVD-2023-52444
Malicious code in bioql PyPI...
EUVD-2022-4079
Malicious code in bioql PyPI...
EUVD-2025-17330
Malicious code in bioql PyPI...
EUVD-2024-20711
Malicious code in bioql PyPI...
EUVD-2022-46917
Malicious code in bioql PyPI...
CVE-2025-22490
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-29877
CVE-2025-29877 affects QNAP File Station 5. The issue is a NULL pointer dereference in File Station 5 (remote user with an account can trigger a DoS). A fix is available in File Station 5 version 5.5.6.4847 and later. Multiple sources (NVD, Red Hat, CNVD, CVE lists) describe the vulnerability as ...
CVE-2025-32015
FreshRSS before version 1.26.2 is affected by an XSS in the iframe srcdoc sanitization, allowing an attacker to load UserJS via a script src if they control a victim feed and have a user account. The attacker could access the victim’s account; if the victim is an admin, they could delete users or...
CVE-2024-23190
Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts...
PT-2025-18314 · Opencti · Opencti
Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.4.8 through 6.4.9 Description: The issue allows a user to bypass allow/deny lists and modify attributes that are intended to be unmodifiable. This includes toggling the external flag on/off, changing the own token value for...
CVE-2025-24856
An issue was discovered in the oidc aka OpenID Connect Authentication extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: 1 an attacker can anticipate the...
GHSA-2R87-74CX-2P7C XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
Impact Any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on a instance, as a connected user without script nor...
Logic Flaw Vulnerability in Super Star Learning Express Application System Platform
Chaostar is the abbreviation of Beijing Chaostar Company full name: Beijing Century Chaostar Information Technology Development Co., Ltd. Founded in 1993, Chaostar is one of the early companies in China engaged in digitization of paper materials as well as production of electronic publications. A...
Geeklog 1.3.7 - Homepage User HTML Injection
Geeklog 1.3.7 - Homepage User HTML Injection source: https://www.securityfocus.com/bid/6604/info Geeklog is prone to HTML injection attacks. The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script...