Slah CMS 安全漏洞

Slah CMS is a content management system developed by the Brazilian company Slah. Versions of Slah CMS prior to 1.5.0 contain security vulnerabilities. These vulnerabilities stem from improper access control in the config.php component, which may allow unverified attackers to access sensitive...

EUVD-2023-48033

EVE's Debug Functions Unlockable Without Triggering Measured Boot...

CVE-2019-16124

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...

CVE-2025-65212

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the...

EUVD-2007-2142

Malware in sbrugna...

EUVD-2021-13573

Malware in sbrugna...

EUVD-2014-2386

Malware in sbrugna...

EUVD-2016-3379

Malware in sbrugna...

EUVD-2023-46282

Malicious code in bioql PyPI...

EUVD-2023-0176

Malicious code in bioql PyPI...

EUVD-2022-2881

Malicious code in bioql PyPI...

EUVD-2022-5816

Malicious code in bioql PyPI...

EUVD-2023-46279

Malicious code in bioql PyPI...

CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

GHSA-M63C-3RMG-R2CF XWiki configuration files can be accessed through jsx and sx endpoints

Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false. This can apparently be reproduced on Tomcat instances. Patches This has been patched in 17.4.0-rc-1, 16.10.7. Workarounds...

CVE-2025-50151

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

CVE-2025-6265

A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...

PT-2025-27543 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Monero Project's Laravel-based forum software affected versions not specified Description: A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the...

CVE-2025-44043

Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery SSRF in /KeyotiSearchEngineWebCommon/SearchService.svc/GetResults and /KeyotiSearchEngineWebCommon/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory...

CVE-2024-31815

In TOTOLINK EX200 V4.0.3c.7314B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...