572 matches found
Apache Causeway 安全漏洞
Apache Causeway is the Apache Foundation of a Java rapid application development framework . Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters in the receipt of serialized data submitted by the user, which...
TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...
VulnCheck KEV: CVE-2020-26948
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...
CVE-2025-60688
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack...
CVE-2025-60676
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...
Jellysweep 代码问题漏洞
Jellysweep is a smart cleanup tool for media servers by Jonah Personal Developer. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...
Jellysweep uses uncontrolled data in image cache API endpoint
Impact The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...
EUVD-2020-30816
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
E-Commerce Website supplier_add.php file cross-site scripting vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters suppname and suppaddress in the file /pages/supplieradd.php, which can be exploite...
CVE-2020-36856
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
CVE-2020-36856
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
CVE-2020-36856
Nagios XI
CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
PT-2025-44462
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.6.14 Description Nagios XI versions prior to 5.6.14 have an authenticated remote command execution issue in the command test.php script within the Core Config Manager CCM. A lack of proper validation of the addres...
EUVD-2025-36373
A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplieradd.php. The manipulation of the argument suppname/suppaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-12333 code-projects E-Commerce Website supplier_add.php cross site scripting
A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplieradd.php. The manipulation of the argument suppname/suppaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
EUVD-2025-35803
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...
PT-2025-43612
Name of the Vulnerable Software and Affected Versions Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions prior to 2.1.5 Description The software contains a Server-Side Request Forgery issue resulting from inadequate...
CVE-2025-11190
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...
CVE-2025-11190
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...