Plainpad 安全漏洞

Plainpad is a self-hosted note-taking application by the individual developer Alex Tselegidis. A security vulnerability exists in Plainpad versions prior to 1.1.1, which stems from allowing a low-privileged user to self-elevate to administrator via the admin parameter in a PUT request, potentiall...

CVE-2026-7394

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

CVE-2025-52222

D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rden, rdauth, rdacct, httphadmin,...

CVE-2026-5639

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

PT-2026-30587

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

CVE-2019-25425

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

CVE-2019-25425

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

CVE-2019-25425

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

CVE-2019-25425 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via smtpconfig

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

CVE-2019-25425 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via smtpconfig

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

Comodo Dome Firewall 跨站脚本漏洞

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the VIRUSADMIN parameter input in the...

PT-2026-20828

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

Bematech MP-4200 TH 资源管理错误漏洞

The Bematech MP-4200 TH is a thermal receipt printer produced by the British company Bematech. The Bematech MP-4200 TH has a resource management vulnerability, which stems from improper handling of the admin and person parameters on the administrator configuration page. This vulnerability may lea...

CVE-2024-26480

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter...

CVE-2024-26480

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter...

CVE-2024-26480

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter...

PT-2026-7654

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter...

statping-ng 安全漏洞

Statping-ng is an open-source server monitoring software developed by Statping-ng. Version 0.91.0 of Statping-ng contains a security vulnerability, which stems from improper handling of specially crafted requests for admin parameters, potentially leading to the exposure of sensitive information...

CVE-2024-26480

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter...

CVE-2024-26480

The CVE-2024-26480 entry describes a vulnerability in Statping-ng v0.91.0 where an attacker can obtain sensitive information by sending a crafted request to the admin parameter. The connected CVE record confirms the affected product and the general impact (information disclosure), but the documen...