54 matches found
CVE-2018-25415 AiOPMSD Final 1.0.0 SQL Injection via director Parameter
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...
PT-2026-45120
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...
Astra Linux - vulnerability in twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. Before version 22.2.0, Twisted’s SSH client and server implementations allowed accepting an infinite amount of data for the peer’s SSH version identifier. This resulted in a buffer that consumed all...
CVE-2026-26929
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
CVE-2026-2850
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint...
SUSE CVE-2026-25892
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...
CVE-2020-37114
CVE-2020-37114 affects GUnet OpenEclass 1.7.3. The flaw arises from improper access controls and information disclosure in multiple modules, allowing both unauthenticated and authenticated users to access sensitive data (system info, application version) and view/download other users’ uploaded as...
CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
Malicious code in sails-rollup-unuk-xo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33fd2b89cf4ed018cf7deea569ccd3b18d23b7b1f0990df18111c52130666ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-sonic-taowo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25de4ffbe1a3e47a92189acb946dca4e41b2327f39e1e398d6cabdb930be7ae0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tanufahuir-sofi-dufuofa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3cff9d96a1ec3cd69794ee052161147486616ad5f119cf98a504fca18566cd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mahiyaa-sutiayanu-gandofi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4d7967de0e5d42dc44d53f42174283a413f20edc99b4be625fae38b3e1120bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yasirfaheem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5ac85622fd6fb51ade6126282368dd60c0b60edf871324c639a0ee02016ccc6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-kilua22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de838a9d982d05a15ee71a6331796a637cfaa59a79d5ad9d3af55f498a53707e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ultimate_boar_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b46e6a4dd09db73c5550540d903afd8e536869c77df451269dc7a5b4de27b1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tomi-tempe8-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c8f756d6d6154184690c6c2c96d2817eb0664e2a31654f12953d3f6fe10b871 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in broad_puma_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f56ccf14e90d58212a53596d06ab6f961b21f38725ce5c271c81b00aefea600 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fauzi-serabi16-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b11044a7ad0440495d86db266150a34cd2ec8f3e065bb615cc8e3e02b08a80a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nadia-brengkes12-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e2ddad3714b6fb62e1488f282d658fa7506d779aea4392d6f204d396d2e473e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-121465 Malicious code in lina-getuk69-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1cee1bcd2c667b267b5083137fc33bbb43193e15adca860b11075c043c38d3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...