235 matches found
EUVD-2007-1059
Malware in sbrugna...
EUVD-2020-29012
Malware in sbrugna...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
EUVD-2023-54378
Malicious code in bioql PyPI...
EUVD-2023-35159
Malicious code in bioql PyPI...
EUVD-2025-22739
Malicious code in bioql PyPI...
EUVD-2022-30814
Malicious code in bioql PyPI...
EUVD-2024-16623
Malicious code in bioql PyPI...
GE UR family Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-27422)
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2025-59352
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...
CVE-2025-30135
An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings. By connecting to...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
VulnCheck KEV: CVE-2023-30799
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...
Novell Groupwise Agents HTTP Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell Groupwise Agents HTTP Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in Novell Groupwis...
Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities
Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840
CVE-2024-0840 affects Grandstream UCM Series IP PBX firmwares prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...
CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
Fedora: Security Advisory for baresip (FEDORA-2024-a15fe3f120)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-43070
Dell SmartFabric Storage Software v1.4 and earlier contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container...