
941 matches found

CVE
added 2025/12/09 12:0 a.m., 9 views

CVE-2025-65572

AllskyTeam AllSky v2024.12.06_06 is affected by a Cross Site Scripting (XSS) flaw in the allskySettings.php handler. The vulnerability arises from parameters (config, filename, extratext) that are processed by showMessages() in status_messages.php, allowing injected scripts to be printed and exec...

CVSS 6.1, AI score 6.3, EPSS 0.00344
Exploits 1, References 4, Affected Software 1

Vulnrichment
added 2025/12/09 12:0 a.m., 1 views

CVE-2025-65572

Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

AI score 6.3, EPSS 0.00344
Exploits 1, References 4

RedhatCVE
added 2025/11/27 12:58 a.m., 13 views

CVE-2025-66253

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

CVSS 9.9, AI score 8.6, EPSS 0.02011
Exploits 1, References 1

EUVD
added 2025/11/26 3:30 a.m., 4 views

EUVD-2025-199679

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

CVSS 9.9, AI score 8.2, EPSS 0.02011
Exploits 1, References 2

NVD
added 2025/11/26 1:16 a.m., 4 views

CVE-2025-66253

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

CVSS 9.9, EPSS 0.02011
Exploits 1, References 1

CVE
added 2025/11/26 12:36 a.m., 12 views

CVE-2025-66253

The CVE-2025-66253 entry affects DB Electronica Mozart FM Transmitter series (versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000). The root cause is an unauthenticated OS command injection in start_upgrade.php, where user-controlled $_GET["filename"] is passed directly to exec() w...

CVSS 9.9, AI score 8.3, EPSS 0.02011
Exploits 1, References 1, Affected Software 1

Positive Technologies
added 2025/11/26 12:0 a.m., 3 views

PT-2025-48105

Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 Description An unauthenticated OS Command Injection issue exists in the start upgrade.php component of the softwar...

CVSS 9.9, AI score 8.4, EPSS 0.02011
Exploits 1, References 9

CNNVD
added 2025/11/20 12:0 a.m., 2 views

Resty Path Traversal Vulnerability

Resty is a simple HTTP and REST client library for Go open-sourced by Go Resty. A path traversal vulnerability exists in Resty 1.3.1 and earlier versions, which stems from an incorrect manipulation of the parameter filename and could lead to a path traversal attack...

CVSS 8.1, AI score 5.5, EPSS 0.00619
Exploits 1, References 5

RedhatCVE
added 2025/10/28 6:59 a.m., 3 views

CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

CVSS 7.5, AI score 6.5, EPSS 0.03783
Exploits 0, References 1

CNNVD
added 2025/10/28 12:0 a.m., 2 views

MaxSite CMS Code Issue Vulnerability

MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which originates from the incorrect operation of the parameter X-Requested-FileName/ in the file...

CVSS 8.8, AI score 6.5, EPSS 0.00326
Exploits 1, References 5

NVD
added 2025/10/27 7:15 a.m., 7 views

CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

CVSS 7.5, EPSS 0.03783
Exploits 0, References 2

Positive Technologies
added 2025/10/27 12:0 a.m., 2 views

PT-2025-43887

Name of the Vulnerable Software and Affected Versions HYDRA X, MIP 2, and FEDRA 2 versions prior to Maintenance Pack 36 with Servicepack 8 week 36/2025 Description HYDRA X, MIP 2, and FEDRA 2 are affected by a local file disclosure issue. An unauthenticated attacker can read arbitrary files from...

CVSS 7.5, AI score 6.3, EPSS 0.03783
Exploits 0, References 3

CNNVD
added 2025/10/27 12:0 a.m., 3 views

MPDV Mikrolab Multiple Products Security Vulnerability

MPDV Mikrolab HYDRA X and others are products of MPDV Mikrolab, Germany. MPDV Mikrolab HYDRA X is a platform-based manufacturing execution system. MPDV Mikrolab MIP 2 is an industrial manufacturing integration platform. MPDV Mikrolab FEDRA 2 is an industrial manufacturing integration MPDV Mikrolab...

CVSS 7.5, AI score 9.1, EPSS 0.03783
Exploits 0, References 1

CNNVD
added 2025/10/25 12:0 a.m., 2 views

Emoncms Security Vulnerability

Emoncms is an open source web application from Emoncms Open Source. The program is primarily used to process, record and display energy, temperature and other environmental data. A security vulnerability exists in Emoncms version 11.7.3, which stems from insufficient input validation of the...

CVSS 7.5, AI score 7.8, EPSS 0.00508
Exploits 1, References 1

NVD
added 2025/10/24 3:15 p.m., 6 views

CVE-2025-60938

Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baudrate,...

CVSS 7.5, EPSS 0.00508
Exploits 1, References 1

RedhatCVE
added 2025/10/07 2:20 p.m., 1 views

CVE-2025-11337

A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. This affects an unknown part of the file /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Performing manipulation of the argument fileName results in path traversal. It is...

CVSS 6.9, AI score 6.6, EPSS 0.00626
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-24787

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00866
Exploits 1, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-20620

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01045
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-2888

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.05058
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-4798

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01631
Exploits 1, References 5