EUVD-2014-5968

Malware in sbrugna...

EUVD-2025-25617

Malicious code in bioql PyPI...

EUVD-2023-46935

Malicious code in bioql PyPI...

EUVD-2025-9679

Malicious code in bioql PyPI...

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

PT-2025-20886 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon web versions 24.10.3 through 24.10.4 Centreon web versions 24.04.09 through 24.04.10 Centreon web versions 23.10.19 through 23.10.21 Centreon web versions 23.04.24 through 23.04.26 Description: The issue is related to improper...

CVE-2025-3087

CVE-2025-3087 concerns a stored XSS in M-Files Web. Affected are M-Files Web versions 25.1.14445.5 through 25.2.14524.4. The issue arises from stored cross-site scripting that can be triggered by an authenticated user who can run scripts. Documented impact is that scripts may be executed in the u...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +8651 more potentially affected by CVE-2024-22262 via org.springframework:spring-web (>=6.1.0 <=6.1.5)

org.springframework:spring-web MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.8.7 and more Source cves: CVE-2024-22262 Source advisory: OSV:GHSA-2WRP-6FG6-HMC5...

Grup Arge Energy and Control Systems SmartPower Energy Management System SQL注入漏洞

Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed specifically to improve energy efficiency in organizations. A security vulnerability exists in Grup Arge Energy and Control Systems SmartPower Energy...

Grup Arge Energy and Control Systems SmartPower Energy Management System SQL注入漏洞

The Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed specifically to improve energy efficiency in organizations. A SQL injection vulnerability exists in Grup Arge Energy and Control Systems SmartPowe...

CVE-2020-23533

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

CVE-2020-6978

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...

PT-2019-2900 · Icedtea +4 · Icedtea-Web +4

Name of the Vulnerable Software and Affected Versions: IcedTea-Web versions 1.7.2 and 1.8.2 Description: The issue is related to the improper sanitization of paths from jar/ elements in JNLP files. This could allow an attacker to trick a victim into running a specially crafted application,...

be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +525 more potentially affected by CVE-2018-12540 via io.vertx:vertx-web (>=3.0.0 <=3.5.2.CR3)

io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12540 Source advisory: OSV:GHSA-RVGG-F8QM-6H7J...

CVE-2016-3020

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a...