304 matches found
EUVD-2005-3665
Malware in sbrugna...
EUVD-2021-2131
Malware in sbrugna...
EUVD-2010-1344
Malware in sbrugna...
EUVD-2018-0771
Malware in sbrugna...
EUVD-2025-28219
Malicious code in bioql PyPI...
EUVD-2022-33946
Malicious code in bioql PyPI...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
Campcodes Online Loan Management System 安全漏洞
CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter loanid in...
CVE-2025-55301 The Scratch Channel Allows Username Modification
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1...
PT-2025-34671 · Unknown · Scratch Channel
Name of the Vulnerable Software and Affected Versions: The Scratch Channel version 1 The Scratch Channel version 1.1 Description: The application allows modification of the account's username locally by accessing local storage through the developer tools. Recommendations: Update to version 1.1...
PT-2025-31033 · Code Projects · Code-Projects Online Ordering System
Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0 Description: A critical vulnerability exists in code-projects Online Ordering System. The issue involves SQL injection, specifically through manipulation of the firstname argument in the...
PT-2025-28986 · Mediatek +1 · Mt8365 +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: This issue involves an invalid pointer dereference in the pinctrl: mediatek: eint subsystem for platforms using version 1 of the common driver. A commit introduced access to the soc...
[SECURITY] [DLA 4223-1] debian-security-support update
Debian LTS Advisory DLA-4223-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón June 21, 2025 https://wiki.debian.org/LTS Package : debian-security-support Version : 1:11+2025.06.21 Debian Bug : 1100929 1106203 debian-security-support, the Debian security...
CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
CVE-2025-28996 WordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Thad Allender GPP Slideshow gpp-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GPP Slideshow: from n/a through = 1.3.5...
CVE-2024-49373
No Fuss Computing Centurion ERP is open source enterprise resource planning ERP software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem...
CVE-2023-41047
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...
CVE-2023-23898
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CreativeThemes Blocksy Companion plugin = 1.8.67 versions...
CVE-2022-32374
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getsubjectrouting.php?id=...
ALPINE-CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...