148 matches found
CVE-2025-50194
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/checkparselang.php. This issue has been patched in version 1.11.30...
CVE-2025-50194 Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/checkparselang.php. This issue has been patched in version 1.11.30...
CVE-2025-12387 Denial of Service in Pix-Link LV-WR21Q
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...
EUVD-2025-203932
A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...
CVE-2025-67174
A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...
CVE-2025-67174
A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...
CVE-2025-67174
RiteCMS v3.1.0 contains a local file inclusion (LFI) vulnerability in the admin.php component, exploitable via directory traversal in admin_language_file and default_page_language_file. The issue allows an attacker to read arbitrary files on the host. Multiple connected sources (CNVD-2026-05343, ...
PT-2025-51865
A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin language file and default page language file in the admin.php component...
CVE-2025-67174
A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...
Ruijie RG-YST 安全漏洞
Ruijie RG-YST is a series of wireless bridges from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-YST AP3.01B11P280YST250F version, which originates from an unvalidated input to the pwdmodify function in the file /usr/lib/lua/luci/modules/common.lua, which could lead to an ...
grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write.
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload, create, and rename features for files with HTML and SVG types, due to insufficient content-type validation and lack of output sanitization. An attacker can execute arbitrary scripts in the contex...
WordPress plugin Greenify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2018-13463
Malware in sbrugna...
EUVD-2014-3710
Malware in sbrugna...
EUVD-2023-30086
Malicious code in bioql PyPI...
EUVD-2024-17280
Malicious code in bioql PyPI...
EUVD-2024-17279
Malicious code in bioql PyPI...
CVE-2025-41041
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/default.x...
The vulnerability of the check_language_file() function in Netgear’s JWNR2000v2 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the checklanguagefile function in Netgear JWNR2000v2 router microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...