2211 matches found
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
WordPress plugin WaveRide 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Blueprint 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Cookiteer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Spin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Confidant 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
External Control of File Name or Path
Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to External Control of File Name or Path via the -o/--output argument in the trestle author jinja. An attacker can overwrite arbitra...
External Control of File Name or Path
Overview org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the output option in server mode. An attacker can create or append to arbitrary files on the host filesystem by sending crafted requests to the REST API, as the file path is taken directly from...
CVE-2026-9457
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...
Exploit for CVE-2026-5364
CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...
CVE-2026-9532
A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...
WordPress plugin SW Core 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-43192
A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...
CVE-2026-9455
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...
CVE-2026-9455 Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...
Exploit for Infinite Loop in Dbgpt Db-Gpt
POCCVE-2024-36420 Local reproduction lab and nuclei template...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
Astra Linux – Vulnerability in rsync
A vulnerability was discovered in rsync prior to version 3.2.5. This vulnerability allows malicious remote servers to write arbitrary files into the directories of connecting peers. The server determines which files/directories are sent to the client. However, the rsync client lacks sufficient...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A sanity check for the file name has been added. The length of the file name should be smaller than the directory entry size...