223 matches found
EUVD-2025-20401
Malicious code in bioql PyPI...
EUVD-2022-32084
Malicious code in bioql PyPI...
EUVD-2022-34192
Malicious code in bioql PyPI...
EUVD-2024-54122
Malicious code in bioql PyPI...
CVE-2022-50389
In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak. In crb_acpi_add(), we get the TPM2 table to retrieve information like start method, and then assign them to the priv data, so the TPM2 table is not used after the init, shou...
CVE-2025-34129
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...
CVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...
The vulnerabilities of the i915_perf_open_ioctl(), i915_perf_add_config_ioctl(), and i915_perf_remove_config_ioctl() functions in the Linux operating system allow a hacker to cause a service failure.
The vulnerabilities of the i915_perf_open_ioctl(), i915_perf_add_config_ioctl(), and i915_perf_remove_config_ioctl() functions in the Linux kernel are related to pointer manipulation. Exploiting these vulnerabilities can allow an attacker to cause a service failure...
UBUNTU-CVE-2025-32801
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2023-20220
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...
CVE-2020-13124
SABnzbd 2.3.9 and 3.0.0Alpha2 have a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system...
CVE-2025-4377
Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on the Pro Cloud Server Configuration interface. This issue affects Pr...
AXIS OS security vulnerability
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that originates from allowing an attacker to obtain a system username via the VAPIX Device Configuration SSH Management API...
CVE-2024-8997
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53...
CVE-2024-8997 SQLi in Vestel's EVC04 Configuration Interface
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53...
CVE-2024-8997
CVE-2024-8997 is an SQL injection vulnerability in Vestel EVC04 Configuration Interface. The flaw arises from improper neutralization of special elements in SQL commands, affecting EVC04 UI prior to versions 3.187 and 4.53. It enables network-level, unauthenticated abuse with full impact on confi...