EUVD-2021-24846
Malware in sbrugna...
EUVD-2017-6286
Malware in sbrugna...
EUVD-2019-9605
Malware in sbrugna...
EUVD-2016-3437
Malware in sbrugna...
EUVD-2007-4681
Malware in sbrugna...
EUVD-2022-6167
Malicious code in bioql PyPI...
EUVD-2024-49011
Malicious code in bioql PyPI...
EUVD-2023-51896
Malicious code in bioql PyPI...
EUVD-2022-34666
Malicious code in bioql PyPI...
EUVD-2025-3162
Malicious code in bioql PyPI...
EUVD-2024-50958
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-40327
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on...
TOTOLINK A702R /boafrm/formOneKeyAccessButton File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file...
Linux Distros Unpatched Vulnerability : CVE-2023-41053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this...
CVE-2025-9782
A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been...
CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...
CVE-2025-8138
A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...
Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process...
GHSA-4J59-VV55-Q6H3 Salt's salt.auth.pki module does not properly authenticate callers
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...