11448 matches found
PT-2026-6740
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add comment sql.php to execute...
PT-2026-6736
Name of the Vulnerable Software and Affected Versions html5 snmp version 1.11 Description The software contains a persistent cross-site scripting issue. An attacker can inject malicious scripts through the Remark parameter in the add router operation.php file. By crafting a POST request with a...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the WebsiteAddContent process. An attacker can access sensitive files on the server by supplying crafted path values containing directory traversal sequences. This is only exploitable if the attacker has an...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37142
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigg...
CVE-2020-37118
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
CVE-2020-37142 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigg...
CVE-2020-37142
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigg...
EUVD-2020-31036
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigg...
CVE-2020-37142 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigg...
CVE-2020-37142
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow in the Add function that allows an attacker to execute arbitrary code by overwriting SEH records. A malicious payload targeting the Computer parameter can trigger remote code execution. Connected sou...
CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37118
CVE-2020-37118 affects P5 FNIP-8x16A FNIP-4xSH 1.0.20. The vulnerability is a cross-site request forgery that can perform administrative actions without user interaction by tricking an authenticated user into loading a crafted page (e.g., adding admin users, changing passwords, modifying configs)...
CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
EUVD-2020-31048
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
RUSTSEC-2026-0071 Nonce Reuse in HPKE Context
The sequence number that is used to compute the AEAD nonce when using a re-usable HPKE context is incremented after each seal or open operation. This sequence number was stored as a u32 and used regular addition on u32 for the increment, meaning in release mode it would silently wrap around to 0...
SUSE CVE-2026-23096
In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdevdeviceadd fails, it internally releases the cdev memory, and if cdevdevicedel is then executed, it will cause a hang error. To fix it, we check the return value of cdevdevicea...
PT-2026-6580
Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The software contains a remote code execution issue in the add panel form function. This allows attackers to execute arbitrary code through the use of an eval function with unsanitized data received via...