77 matches found
CVE-2025-58095
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...
PT-2025-54436
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...
EUVD-2025-202320
Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when a user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when a user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
AllskyTeam AllSky v2024.12.06_06 is affected by a Cross Site Scripting (XSS) flaw in the allskySettings.php handler. The vulnerability arises from parameters (config, filename, extratext) that are processed by showMessages() in status_messages.php, allowing injected scripts to be printed and exec...
EUVD-2008-6800
Malware in sbrugna...
EUVD-2019-3101
Malware in sbrugna...
EUVD-2001-0023
Malware in sbrugna...
EUVD-2009-0299
Malware in sbrugna...
CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution (RCE) via the Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
Cross-site Scripting (XSS)
Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the labelconfig parameter in labelstudio/projects/views.py. An attacker can execute arbitrary scripts in the context of the user's browser by sending malicious...
Cross-site Scripting (XSS)
Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC: Create a malicious label conf...
CVE-2024-40536
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin3gcode parameter in the config3gpara function...
PT-2024-5008 · NetGear · Netgear Wn604
Name of the Vulnerable Software and Affected Versions: Netgear WN604 versions up to 20240710. Description: A vulnerability was found in the Web Interface component of Netgear WN604, specifically in the /downloadFile.php file. The issue is related to insufficient protection of internal data. The...
PT-2024-25806 · Parisneo · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions prior to 9.5. Description: A path traversal issue exists in the "save settings" endpoint due to insufficient sanitization of the config parameter in the apply settings function. This allows an attacker to...
CVE-2024-32743
CVE-2024-32743 affects WonderCMS v3.4.3. A cross-site scripting (XSS) vulnerability exists in the Settings section via the SITE LANGUAGE CONFIG parameter under the Security module, allowing an attacker to execute arbitrary web scripts or HTML. The root cause is improper handling of input in the Setti...
CVE-2023-41973
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...
CVE-2023-41973
CVE-2023-41973 affects Zscaler Client Connector (ZSATray) on Windows, where a config parameter previousInstallerName is passed to TrayManager. TrayManager then constructs a path by appending this value, enabling a potential path construction/assembly issue that can lead to executing a crafted...