21 matches found

RedhatCVE
added 2026/02/24 10:42 p.m. · 4 views

CVE-2026-3025

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible...

9.8 CVSS · 5.2 AI score · 0.00052 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24069

Malicious code in bioql PyPI...

5.4 CVSS · 4.8 AI score · 0.00185 EPSS
Exploits: 1 · References: 5
OSV
added 2025/07/31 4:15 p.m. · 1 views

CVE-2025-8409

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has...

9.8 CVSS · 5.8 AI score · 0.00204 EPSS
Exploits: 1 · References: 5
NVD
added 2023/12/16 11:15 p.m. · 8 views

CVE-2023-6885

A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to th...

9.8 CVSS · 0.00057 EPSS
Exploits: 1 · References: 3
OSV
added 2023/08/31 10:15 a.m. · 1 views

CVE-2023-41739

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Cvelist
added 2023/08/31 9:8 a.m. · 19 views

CVE-2023-41739

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors...

4.9 CVSS · 7.3 AI score · 0.00583 EPSS
Exploits: 0 · References: 1
ATTACKERKB
added 2023/06/22 8:15 p.m. · 1 views

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

7.2 CVSS · 7.4 AI score · 0.00587 EPSS
Exploits: 0 · References: 3
OSV
added 2023/06/22 8:15 p.m. · 10 views

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

7.2 CVSS · 7.8 AI score
Exploits: 0 · References: 1
Prion
added 2023/06/22 8:15 p.m. · 13 views

Design/Logic Flaw

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

5.8 CVSS · 7.2 AI score · 0.00587 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/06/22 12:0 a.m. · 13 views

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

7.5 AI score · 0.00587 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/06/22 12:0 a.m. · 4 views

PT-2023-20941 · Pluck Cms · Pluck Cms

Name of the Vulnerable Software and Affected Versions: Pluck CMS versions 4.7.15 through 4.7.16-dev5 Description: A remote code execution issue was found in the /admin.php file of Pluck CMS, allowing attackers to execute arbitrary code through the manage file functionality. Recommendations: For...

7.2 CVSS · 7.6 AI score · 0.00587 EPSS
Exploits: 0 · References: 5
OSV
added 2022/06/07 6:15 p.m. · 12 views

CVE-2020-36541

A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicosphp/generaselect.php. The manipulation of the argument idprovincia with the input -1%20union%20all%20select%201,2,3,4,database leads to sql injection. T...

9.8 CVSS · 7.3 AI score
Exploits: 0 · References: 3
NVD
added 2021/03/31 2:15 p.m. · 13 views

CVE-2021-3478

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability...

5.5 CVSS · 0.00364 EPSS
Exploits: 0 · References: 5
UbuntuCve
added 2021/03/31 2:15 p.m. · 23 views

CVE-2021-3478

There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability...

5.5 CVSS · 6.8 AI score · 0.00364 EPSS
Exploits: 0 · References: 2
OpenVAS
added 2020/03/19 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2020-1272)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS · 7.3 AI score · 0.00378 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2019/11/12 12:0 a.m. · 26 views

EulerOS 2.0 SP5 : e2fsprogs (EulerOS-SA-2019-2140)

According to the version of the e2fsprogs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The e2fsprogs package contains a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second, third and...

7.5 CVSS · 7.4 AI score · 0.00378 EPSS
Exploits: 1 · References: 2
AlpineLinux
added 2019/09/24 9:21 p.m. · 27 views

CVE-2019-5094

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability...

7.5 CVSS · 7.2 AI score · 0.00378 EPSS
Exploits: 1
Prion
added 2019/02/04 9:29 p.m. · 12 views

Improper access control

Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...

5.5 CVSS · 6.6 AI score · 0.0029 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2018/03/12 9:29 p.m. · 16 views

Xxe

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files...

6.8 CVSS · 6.4 AI score · 0.06142 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2017/12/27 7:29 p.m. · 14 views

Directory traversal

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."...

7.5 CVSS · 8.1 AI score · 0.01418 EPSS
Exploits: 2 · References: 3 · Affected Software: 1