35 matches found
ChurchCRM Deserialization Vulnerability
ChurchCRM is an open source CRM system for churches. A deserialization vulnerability exists in ChurchCRM 5.18.0 and earlier versions. The vulnerability stems from the parameters DBPASSWORD/ROOTPATH/URL of the file setup/routes/setup.php in the receipt of user-submitted serialized...
EUVD-2021-28622
Malicious code in bioql PyPI...
EUVD-2022-3773
Malicious code in bioql PyPI...
GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23578)
GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from insecure deserialization of referencewebui.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI Code Issue Vulnerability
GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from unsafe deserialization handling of the AudioPreDeEcho class when receiving serialized data submitted by the user, which can be exploited by an attacker to execute arbitrary commands on...
GPT-SoVITS-WebUI Code Issue Vulnerability
GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from unsafe deserialization handling of the AudioPre class when receiving user-submitted serialized data, and can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI Code Issue Vulnerability
GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from insecure deserialization of referencewebui.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...
Apache InLong Code Issue Vulnerability
Apache InLong is a one-stop massive data integration framework from the U.S. Apache Foundation that provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.13.0 to 2.1.0. The vulnerability stems from unsafe...
CVE-2021-41608
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1...
GHSA-Q25C-R482-77P9 powermail TYPO3 extension has Insecure Direct Object Reference
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
powermail TYPO3 extension has Insecure Direct Object Reference
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient validation of the mail parameter in the confirmationAction of the Powermail extension, allowing an unauthenticated attacker to display user-submitted data of all forms persisted by t...
CVE-2024-45232
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...
EyouCMS Deserialization Vulnerability
EyouCMS (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability. The vulnerability stems from the unsafe deserialization of the parameter channelid of the file /login.php in the receipt of user-submitted serialized data...
D-Link DIR-846 Deserialization Vulnerability
The D-Link DIR-846 is a wireless router from China's AUO D-Link. The D-Link DIR-846 suffers from a deserialization vulnerability that originates from the unsafe deserialization of the parameters smartqosexpressdevices/smartqosnormaldevices of the file /HNAP1/ in the receipt of user-submitted...
ThinkPHP deserialization vulnerability
ThinkPHP is a PHP-based, open-source, lightweight web application development framework from China Top Thinking Information Technology. ThinkPHP v6.0.12 has a deserialization vulnerability, which originates from the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.ph...
Unspecified Vulnerability in MingSoft Mcms
MingSoft Mcms is a complete open source J2ee system from China's MingFei MingSoft company. A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of effective filtering of user-submitted data in the software's template management function, and can be exploited by an...
Alquist Path Traversal Vulnerability (CNVD-2022-10717)
Alquist is an advanced conversational AI bot used to have fun and engaging conversations with humans about popular topics such as movies, sports, news, etc. A security vulnerability exists in the Alquist Manager. The security vulnerability in Alquist Manager stems from a lack of effective filteri...
Snipe-IT Cross-Site Scripting Vulnerability
Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the lack of filtering and escaping of user-submitted data in AssetsController. No detailed vulnerability information is currently available...