57 matches found
CVE-2023-50082
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, which allows remote attackers to gain sensitive information via session leakage and allows a user to avoid logging into the backend management platform...
EUVD-2022-48414
Malicious code in bioql PyPI...
EUVD-2025-4486
Malicious code in bioql PyPI...
CVE-2022-48116
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpledit.inc.php...
CVE-2025-25767
A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request...
CVE-2025-25768
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2025-25765
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...
eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)
There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed...
SQL injection
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
CVE-2024-25428
CVE-2024-25428 affects MRCMS v3.1.2 where the status parameter is vulnerable to SQL injection, enabling an attacker to run arbitrary system commands. Root cause: improper input handling leading to SQL injection. Impact per available data: potential command execution with network access, no user i...
CVE-2024-25428
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
CVE-2023-50082
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, which allows remote attackers to gain sensitive information via session leakage and allows a user to avoid logging into the backend management platform...
Improper access control
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, which allows remote attackers to gain sensitive information via session leakage and allows a user to avoid logging into the backend management platform...
CVE-2023-50082
CVE-2023-50082 affects Aoyun Technology pbootcms v3.1.2 and is caused by Incorrect Access Control, enabling session leakage that can expose sensitive information and allow a user to avoid logging into the backend management platform. The provided connected documents consistently describe the issu...
GHSA-RW82-MHMX-GRMJ Guest Entries Remote code execution via file uploads
Impact: When using the file uploads feature, it was possible to upload PHP files. Patches: The vulnerability is fixed in v3.1.2...
CVE-2023-39639
LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs...
CVE-2023-39639
CVE-2023-39639 affects LeoTheme leoblog up to v3.1.2. The vulnerability is a SQL injection in LeoBlogBlog::getListBlogs, enabling unauthorized access via crafted input. CVSS 3.1 base score 9.8 (NETWORK, LOW attack complexity, no privileges, no user interaction; confidentiality, integrity, and ava...
CVE-2023-39639
LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs...
CVE-2023-40825
An issue in Perfree PerfreeBlog v3.1.2 allows a remote attacker to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list...