443 matches found
CVE-2026-24994
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through = 3.5.7.2...
Logback allows an attacker to instantiate classes already present on the class path
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
PT-2026-3611
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-68658
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration Information functionality. An authenticated user with the permission “Configuration...
Open Source Point of Sale 跨站脚本漏洞
Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A cross-site scripting vulnerability exists in Open Source Point of Sale versions 3.4.0 and 3.4.1, which stems from a stored cross-site script in the configuration function that could cause an...
CVE-2021-31926
AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTPS request directly to the applicable API endpoint despite not having permission to make changes to the system's network...
CVE-2021-22652
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution...
CVE-2017-18803
NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings...
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 CVSS score: 9.3, concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper...
Selea Targa IP OCR-ANPR Camera 访问控制错误漏洞
Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. An access control error vulnerability exists in the Selea Targa IP OCR-ANPR Camera that stems from the use of hard-coded passwords, which could lead to unauthorized configuration access...
CVE-2025-66208
Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...
EUVD-2025-197804
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...
CVE-2025-8430 A user with elevated privileges can inject XSS in the Commands Connectors configuration configuration page
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Commands Connectors configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, fr...
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...
CVE-2025-11444
TOTOLINK N600R is affected: the buffer overflow exists in the HTTP Request Handler’s setWiFiBasicConfig function, in /cgi-bin/cstecgi.cgi, triggered by manipulating the wepkey argument. This vulnerability allows remote exploitation and has publicly available PoCs. Affected firmware versions are p...
SUSE-SU-2025:03456-1 Security update for logback
This update for logback fixes the following issues: - CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing bsc1250715...
EUVD-2000-0347
Malware in sbrugna...
EUVD-2001-1087
Malware in sbrugna...
EUVD-2017-14780
Malware in sbrugna...
EUVD-2021-20524
Malware in sbrugna...