CVE-2022-33093
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resumelist...
CVE-2021-43729
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter...
CVE-2018-20454
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume=resumelist has XSS via the key parameter...
CVE-2009-3196
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the confKey parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting a malicious payload into this parameter. Note: This is only exploitable if the...
Directory Traversal
Overview: dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
pb-cms Code Issue Vulnerability
pb-cms waterfall content management system is a content management system by LinZhaoguan Personal Developer. A code issue vulnerability exists in pb-cms version 1.0.0, which stems from an incorrect operation of the parameter Topic Key that can lead to deserialization...
CVE-2023-51308
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...
D-Link DIR-853 PSK Parameter Buffer Overflow Vulnerability
The D-Link DIR-853 is a dual-band wireless router that supports the 802.11ac protocol and provides dual-band 2.4GHz up to 400Mbps and 5GHz up to 867Mbps network connectivity for HD video streaming and online gaming. The D-Link DIR-853 suffers from a buffer overflow vulnerability that originates...
PT-2025-1593 · Unknown · Flexmls Idx Plugin
Name of the Vulnerable Software and Affected Versions: Flexmls® IDX Plugin versions up to, and including, 3.14.26 Description: The issue is related to Stored Cross-Site Scripting via the api key and api secret parameters due to insufficient input sanitization and output escaping. This allows...
The vulnerability of the sub_455D4() function in the microprogramming software of Tenda AX1806 allows a hacker to cause a service failure.
The vulnerability of the sub_455D4() function in the microprogramming software of the Tenda AX1806 router lies in the fact that the operation’s output goes beyond the buffer in memory when processing the wpapskcrypto parameter. Exploiting this vulnerability can allow a remote attacker to cause a...
PT-2024-17015 · WordPress · Debounce Email Validator
Name of the Vulnerable Software and Affected Versions: DeBounce Email Validator plugin for WordPress versions up to, and including, 5.6.5 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...
PT-2024-16324 · Klokan Maptiler · Tileserver-Gl
Name of the Vulnerable Software and Affected Versions: Klokan MapTiler tileserver-gl version 2.3.1 Description: A vulnerability was found in the component URL Handler of Klokan MapTiler tileserver-gl, which can lead to cross-site scripting when the key argument is manipulated. This issue can be...
CVE-2024-48634
Summary: CVE-2024-48634 affects D-Link DIR-882 (firmware FW130B06) and DIR-878 (FW130B08). The vulnerability is a command injection in the SetWLanRadioSecurity function, exploitable via the key parameter through a crafted POST request, enabling arbitrary OS commands. The issue arises from insuff...
WordPress WP Easy Gallery plugin <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter vulnerability
Authenticated (Contributor+) SQL Injection via key Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Easy Gallery versions <= 4.8.5...
PT-2024-7034 · D Link · D-Link Dir-878 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions FW130B06 D-Link DIR-878 versions FW130B08 Description: A command injection issue exists in the SetWLanRadioSecurity function due to insufficient neutralization of special elements used in an OS command. This allows...
DrayTek Vigor 3910 Security Vulnerability
DrayTek Vigor 3910 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version v4.3.2.6 that originates from a buffer overflow issue contained in the pubkey parameter of the v2x00.cgi page. An attacker can cause a deni...
PT-2024-32043 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow issue was discovered in the pub key parameter at the "v2x00.cgi" endpoint. This issue allows attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations: Fo...
CVE-2024-46560
CVE-2024-46560 affects Draytek Vigor 3910 (version 4.3.2.6). The root cause is a buffer overflow in the pub_key parameter handled by the v2x00.cgi endpoint, leading to Denial of Service. Public sources in the provided documents confirm the affected software and vulnerable component, and several t...
PT-2024-22975 · Sportsnet · Sportsnet
Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1 Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query. The vulnerable API...