Tenda WH450 Command Injection Vulnerability
Tenda WH450 is a wireless access point from Tenda, China. A command injection vulnerability exists in Tenda WH450 version 1.0.0.18, which originates from a misuse of the parameter ipaddress in the file /goform/CheckTools of the component HTTP Request Handler, which could lead to command injection...
Linksys E5600 Security Vulnerability
Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version V1.1.0.26, which originates from a command injection in the runtime.macClone function via the mc.ip parameter...
CVE-2023-53893
Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...
CVE-2023-53882 JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...
LibreChat Security Vulnerability
LibreChat is an enhanced ChatGPT clone by individual developer Danny Avila. A security vulnerability exists in LibreChat 0.8.0 and prior versions: the iconURL parameter can be modified, potentially leading to a stored cross-site scripting attack and privacy disclosure...
PT-2025-50590
A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add distributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...
CVE-2021-47728 Selea Targa IP Camera Remote Code Execution via Utils
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...
CVE-2025-14194 code-projects Employee Profile Management System view_personnel.php cross site scripting
A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...
Deco Apps Library / MCP Servers Code Issue Vulnerability
Deco Apps Library / MCP Servers is an open-source content management system from deco.cx. A code issue vulnerability exists in Deco Apps Library / MCP Servers version 0.120.1 and earlier, which stems from incorrect manipulation of the parameter url in the file website/loaders/analyticsScript.ts,...
CVE-2025-65223
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo...
CVE-2024-8527
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...
CVE-2024-8527 ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...
Apache Causeway Security Vulnerability
Apache Causeway is a Java rapid application development framework from the Apache Foundation. Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters in the receipt of serialized data submitted by the user, which...
VulnCheck KEV: CVE-2020-26948
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...
TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...
CVE-2025-60688
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack...
CVE-2025-60676
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...
Jellysweep Code Issue Vulnerability
Jellysweep is a smart cleanup tool for media servers by individual developer Jonah. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...