186 matches found
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
PT-2026-7942
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in...
EUVD-2025-206874
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information...
CVE-2022-50951
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...
EUVD-2022-55946
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...
PT-2026-5572
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...
CVE-2020-37008
CVE-2020-37008 affects EasyPMS 1.0.0. The vulnerability is an authentication bypass that lets unprivileged users manipulate SQL queries in JSON requests by injecting single quotes in ID parameters, allowing access to admin user information and potential modification of admin passwords without pro...
CVE-2020-37008
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...
CVE-2026-22022
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
CVE-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
CVE-2025-12758
CVE-2025-12758—Validator.js isLength() Unicode variation selector bypass . Multiple IBM advisories reference affected product lines (e.g., IBM App Connect Enterprise, QRadar) where validator versions earlier than 13.15.22 are vulnerable due to incomplete filtering of Unicode variation selectors i...
CVE-2025-51662
FileCodeBox contains a stored XSS in the text sharing feature for versions ≤ 2.2 due to insufficient input validation. Attackers can inject JavaScript into shared codeboxes, and the payload executes in users’ browsers when they access the infected codebox via a link or shared code. Connected advi...
PT-2025-46310
Name of the Vulnerable Software and Affected Versions Axis Communications affected versions not specified Description An ACAP configuration file has improper permissions and lacks input validation, potentially leading to privilege escalation. Exploitation requires the Axis device to allow the...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from insufficient...
EUVD-2020-29341
Malware in sbrugna...
EUVD-2018-0884
Malware in sbrugna...
EUVD-2020-29342
Malware in sbrugna...
EUVD-2025-25391
Malicious code in bioql PyPI...
EUVD-2025-24849
Malicious code in bioql PyPI...
EUVD-2024-49065
Malicious code in bioql PyPI...