9 matches found
CVE-2026-2952
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...
PT-2026-21451
Name of the Vulnerable Software and Affected Versions Vaelsys version 4.1.0 Description A flaw exists in Vaelsys 4.1.0 related to the HTTP POST Request Handler component. Specifically, manipulation of the xajaxargs argument within a request to the file '/tree/tree server.php' can lead to operatin...
EUVD-2025-22854
Malicious code in bioql PyPI...
CVE-2025-8261
A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgridserver.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been...
CVE-2025-8259
A vulnerability, which was classified as critical, was found in Vaelsys 4.1.0. This affects the function executeDataObjectProc of the file /grid/vgridserver.php. The manipulation of the argument xajaxargs leads to os command injection. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-8260
CVE-2025-8260 affects Vaelsys 4.1.0, specifically code in /grid/vgrid_server.php of the MD4 Hash Handler. Manipulating the argument xajaxargs leads to use of a weak hash. The vulnerability is exploitable remotely with network access; attack complexity is described as high, and exploitation is con...
CVE-2025-8260 Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash
A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgridserver.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out...
CVE-2025-8259 Vaelsys VaelsysV4 Web interface vgrid_server.php execute_DataObjectProc os command injection
A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function executeDataObjectProc of the file /grid/vgridserver.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be execut...
PT-2025-31050 · Unknown · Vaelsys 4.1.0
Name of the Vulnerable Software and Affected Versions: Vaelsys version 4.1.0 Description: A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code of the file /grid/vgrid server.php of the component MD4 Hash Handler. The manipulation o...