174 matches found
Openfire Administration Console - Authentication Bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
ntopng Input Validation Error Vulnerability
ntopng is a web-based network traffic monitoring application developed by ntop. ntopng has a vulnerability related to input validation, which stems from URL redirection to untrusted sites...
IBM Aspera Console Information Disclosure Vulnerability (CNVD-2026-17491)
IBM Aspera Console is a web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera servers, nodes and transports. An information disclosure vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to enumera...
IBM Aspera Console Denial of Service Vulnerability (CNVD-2026-19449)
IBM Aspera Console is a web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera servers, nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
IBM Aspera Console Security Vulnerability
IBM Aspera Console is a web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera servers, nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
Pharmacy Point Of Sale System Security Vulnerability
The Pharmacy Point Of Sale System is a web-based application developed by Carlo Montero. It is used to help a pharmacy manage its sales transactions. Version 1.0 of the Pharmacy Point Of Sale System has a security vulnerability, which stems from an SQL injection vulnerability in the...
EUVD-2021-16061
Malware in sbrugna...
EUVD-2022-28588
Malicious code in bioql PyPI...
EUVD-2021-28256
Malicious code in bioql PyPI...
EUVD-2023-2726
Malicious code in bioql PyPI...
EUVD-2021-8676
Malicious code in bioql PyPI...
EUVD-2024-46369
Malicious code in bioql PyPI...
CVE-2022-24708
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...
IBM Aspera Console Security Vulnerability
IBM Aspera Console is a web-based application from International Business Machines (IBM), Inc. that allows users to centrally manage, monitor and control Aspera servers, nodes and transports. A security vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from an XPath injecti...
Information Kerala Mission SANCHAYA Security Vulnerability
Information Kerala Mission SANCHAYA is a web-based application of the Information Kerala Mission Government of India department through which citizens can check their tax dues. A security vulnerability exists in Information Kerala Mission SANCHAYA v3.0.4. An attacker can exploit the vulnerability...
CVE-2024-11146
TrueFiling (cloud-hosted filing system) prior to version 3.1.112.19 trusts client-controlled identifiers passed in URLs, enabling authenticated users to manipulate identifiers to gain partial access to case information and to partially change user access. The issue is a user-controlled authorizat...
Ampache Security Vulnerability
Ampache is an open source web-based audio/video application and file manager from Ampache. A security vulnerability exists in Ampache that stems from the ability to delete objects (playlists, smartlists, etc.) via a cross-site request forgery attack...
Siemens Location Intelligence Weak Password Vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a weak password vulnerability that can be exploited by attackers to conduct...
Siemens Location Intelligence Insufficient Encryption Strength Vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from an insufficient encryption strength vulnerability, which can be exploited by ...
CVE-2024-33800
A SQL injection vulnerability in /model/getstudent1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...