37 matches found
CVE-2023-54338
CVE-2023-54338 affects Tftpd32 SE 4.60. The unquoted service path in the Tftpd32_svc service allows local attackers to execute arbitrary code with elevated privileges. Red Hat notes the same issue; PT-2026-2428 provides remediation guidance: update to a newer version or apply a workaround by quot...
EUVD-2023-12657
Malicious code in bioql PyPI...
CVE-2025-51396
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...
CVE-2025-51400
A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
PT-2025-30334 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60. Description: A stored cross-site scripting (XSS) issue exists in the department assignment editing module. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the Alias Nick...
Live Helper Chat security vulnerability
Live Helper Chat is an open source plugin from an individual developer that supports online chat. It provides chat functionality for web platforms. A security vulnerability exists in Live Helper Chat version v4.60, which stems from insufficient validation of the operator name parameter input in t...
PT-2025-30330 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60. Description: A stored cross-site scripting (XSS) vulnerability exists in Live Helper Chat version 4.60. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Telegra...
CVE-2023-7299
A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. Upgrading to version 4.7.0 is able to...
CVE-2023-7299 DataGear resolveSql sql injection
A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. Upgrading to version 4.7.0 is able to...
CVE-2023-7299
CVE-2023-7299 affects DataGear up to version 4.60, with a vulnerability in the file /dataSet/resolveSql where manipulation of the sql argument leads to SQL injection. The issue can be exploited remotely and is described as critical. A patch is available: upgrading to version 4.7.0 addresses the v...
Zyxel ATP series firmware and Zyxel USG FLEX series firmware operating system command injection vulnerability
Zyxel ATP series firmware and Zyxel USG FLEX series firmware are both products of the Chinese company Zyxel. Zyxel ATP series firmware is a series of firewall firmware. Zyxel USG FLEX series firmware is a series of firewall firmware. An operating system...
CVE-2023-33009
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50W firmware versions 4.60 through 5.36 Patch 1, USG20W-VPN firmware versions 4.60 through 5.36 Patch...
Zyxel ZyWALL USG operating system command injection vulnerability
The Zyxel ZyWALL USG is a network security firewall appliance from China's Heqin Zyxel. An operating system command injection vulnerability exists in Zyxel ZyWALL USG versions 4.60 through 5.35, which stems from improper error message handling. An attacker could exploit this vulnerability to...
CVE-2023-0623
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these...
CVE-2023-0621
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these...
CVE-2023-0621
CVE-2023-0621 affects Horner Automation Horner/Cscape Envision RV v4.60. The vulnerability is an out-of-bounds read when parsing project (HMI) files, caused by insufficient validation of user-supplied data, potentially enabling arbitrary code execution in the current process. Mitigation: vendor n...
CVE-2023-0623
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these...
Vulnerability fixed in IrfanView
A vulnerability has been fixed in IrfanView. The vulnerability allows a malicious party to cause a denial of service of the application or possibly to execute arbitrary code under the user's privileges. To do this, the malicious party needs the victim to open a rogue TIFF file. The developer has...
Stack overflow
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code...