146 matches found
EUVD-2025-34610
Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
EUVD-2023-52103
Malicious code in bioql PyPI...
EUVD-2025-7685
Malicious code in bioql PyPI...
EUVD-2025-7818
Malicious code in bioql PyPI...
EUVD-2022-37918
Malicious code in bioql PyPI...
EUVD-2024-20280
Malicious code in bioql PyPI...
CVE-2025-28099
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,...
CVE-2025-25908
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-25907
CVE-2025-25907 affects the tianti CMS, version 2.3. The issue is a Cross-Site Request Forgery (CSRF) in the component /user/ajax/save that allows an attacker to cause arbitrary operations via a crafted GET or POST request. The primary consequence is unauthorized actions performed with the user’s ...
CVE-2025-25907
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
tianti cross-site request forgery vulnerability
tianti is a lightweight Java CMS solution by individual developer jeffry. tianti v2.3 contains a cross-site request forgery vulnerability in the /user/ajax/save component that could lead to the execution of arbitrary operations...
CVE-2025-27910
CVE-2025-27910 concerns tianti v2.3, which contains a CSRF in the /user/ajax/upd/status handler. The advisory states that an attacker can trigger arbitrary operations by crafting a GET or POST request, with a CVSSv3.1 base score of 8.0 (HIGH) and an attack that is network-based, requires low priv...
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...
CVE-2025-25908
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...