44 matches found
CVE-2026-38930
OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...
EUVD-2023-3129
Malicious code in bioql PyPI...
CVE-2024-53350
Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges...
CVE-2024-53350
CVE-2024-53350 affects kubeslice v1.3.1. Insecure permissions allow an attacker to access the service account token, enabling privilege escalation. The vulnerability is exposed over network (CVSS: 7.4, HIGH) with no user interaction required; attacker privileges are NONE but can read the token to...
CVE-2024-50986
CVE-2024-50986 affects Clementine v1.3.1 and is exploitable via a local DLL hijacking vector in Windows. A concrete PoC from a GitHub exploit shows that placing a crafted QUSEREX.DLL in C:\Users\AppData\Local\Microsoft\WindowsApps allows Clementine to load the malicious DLL at startup, enabling a...
CVE-2024-41290
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...
CVE-2024-41228
CVE-2024-41228 describes a symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1. The root cause is a symlink following flaw in the pouch cp operation, enabling attackers to escalate privileges and write arbitrary files. Multiple connected sources corrob...
CVE-2024-44839
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php...
CVE-2024-44839
RapidCMS v1.3.1 contains a SQL injection flaw via the articleid parameter in /default/article.php. The vulnerability impacts confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). No patch/version fix is specified in the provided documents; a PT-2024-31274 note cites no informati...
CVE-2024-45771
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php...
CVE-2024-35049
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590...
CVE-2024-35050
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin...
CVE-2024-35048
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password...
CVE-2024-35049
SurveyKing v1.3.1 is affected by a session-management issue where users’ sessions remain active after logout, related to an incomplete fix for CVE-2022-25590. CVSSv3.1 base score 9.1 (CRITICAL) with network access, no privileges required, and no user interaction. Impact primarily Confidentiality a...
CVE-2024-35048
CVE-2024-35048 affects SurveyKing v1.3.1, enabling a session replay attack after password changes. The CVSSv3.1 base score is 4.3 (Medium): Network vector, low privileges, no user interaction, with integrity impact Low. Exploitation status and concrete root cause are not detailed in the provided ...
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
Deserialization of untrusted data
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-48887
CVE-2023-48887 applies to Jupiter v1.3.1 and describes a deserialization vulnerability that allows an attacker to execute arbitrary commands by sending a crafted RPC request. The issue is categorized as a high/critical remote code execution risk (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Mu...