12 matches found
CVE-2026-15628
creationtimestamp| type| source ---|---|--- 2026-07-14 05:52:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqljbsldb52l...
CVE-2026-15628
A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...
Fedora 39 : php (2024-7c800c4df7)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7c800c4df7 advisory. PHP version 8.2.24 26 Sep 2024 CGI: Fixed bug GHSA-p99j-rfp4-xqvq Bypass of CVE-2024-4577, Parameter Injection Vulnerability. CVE-2024-8926 nielsdos...
CVE-2023-32133
CVE-2023-32133 covers a vulnerability in Sante DICOM Viewer Pro where the J2K image parsing can cause an out-of-bounds write, enabling remote code execution. The flaw occurs when parsing J2K data: crafted images can write past the end of an allocated buffer, allowing code execution in the process...
CVE-2023-32133 Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target...
CVE-2020-15628
CVE-2020-15628 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_mail_autoreply.php where the parameter parsing for the user input is not properly validated before being used to build SQL queries, enabling a remote SQL injection in the root context. Authentication is not required....
nationalidentityworkshop.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1099668 Security Researcher geeknik Helped patch 8956 vulnerabilities Received 8 Coordinated Disclosure badges Received 21 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting nationalidentityworkshop.c...
CVE-2019-15628
creationtimestamp| type| source ---|---|--- 2019-12-05 17:43:56+00:00| seen| https://t.me/canyoupwnme/6165 2024-03-05 10:12:41+00:00| seen| https://t.me/ctinow/200063...
CVE-2018-15628
...
CVE-2017-15628
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpserver.lua file...
CVE-2017-15628
Technical details for CVE-2017-15628 are not publicly available in the provided connected documents; monitor for updates.
TP-Link Remote Command Injection
Introduction: ================ The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link. These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files. If the attacker obtains the account a...