34 matches found
CVE-2022-27083
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic...
EUVD-2019-8887
Malware in sbrugna...
EUVD-2004-0791
Malware in sbrugna...
EUVD-2013-1906
Malware in sbrugna...
EUVD-2018-17902
Malware in sbrugna...
EUVD-2025-7044
Malicious code in bioql PyPI...
EUVD-2025-15532
Malicious code in bioql PyPI...
EUVD-2022-47737
Malicious code in bioql PyPI...
EUVD-2023-45379
Malicious code in bioql PyPI...
EUVD-2025-19477
Malicious code in bioql PyPI...
CVE-2025-4383 Authentication Bypass in Art-In Systems' Wi-Fi Cloud Hotspot
Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass. This issue affects Wi-Fi Cloud Hotspot: before 30.05.2025...
CVE-2022-25047
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values...
CVE-2022-2353
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...
CVE-2025-47928
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pull_request_target on .github/workflows/integration_tests.yml followed by checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...
CVE-2025-40578
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions. Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short ti...
CVE-2025-4282
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The...
CVE-2025-30694
CVE-2025-30694 affects Oracle Database Server’s XML Database component. Affected versions are 19.3–19.26, 21.3–21.17, and 23.4–23.7. The vulnerability is exploitable by a low-privilege user with User Account privilege who has network access via HTTP, with exploitation requiring user interaction. ...
CVE-2025-32372 Server-Side Request Forgery (SSRF) in DotNetNuke.Core
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...
Gradio Path Traversal vulnerability
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...
CVE-2024-7035
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform sensitive actions by simply...