5655 matches found
PT-2025-8978 · Unknown · Zyx0814 Pichome
Name of the Vulnerable Software and Affected Versions: zyx0814 Pichome version 2.1.0 Description: A critical vulnerability was found in zyx0814 Pichome, affecting an unknown part of the file /index.php?mod=textviewer. The manipulation of the src argument leads to path traversal, allowing remote...
Benner Connecta Security Vulnerability
Benner Connecta is a cloud connectivity platform from Benner Inc. bringing greater security and optimization to authorization and e-invoicing processes. A security vulnerability exists in Benner Connecta version 1.0.5330 that stems from improper control of resource identifiers and could allow...
Lumsoft ERP Security Vulnerability
Lumsoft ERP is an enterprise resource management system from Lumsoft Corporation. A security vulnerability exists in Lumsoft ERP version 8, which stems from an unrestricted file upload that could allow remote attacks...
Benner ModernaNet Security Vulnerability
Benner ModernaNet is a diagnostic center application from Benner. A security vulnerability exists in Benner ModernaNet version 1.2.0 and prior versions that stems from cross-site request forgery and could allow remote attacks...
Benner ModernaNet Security Vulnerability
Benner ModernaNet is a diagnostic center application from Benner. A security vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions that stems from cross-site request forgery and could allow remote attacks...
Benner ModernaNet Security Vulnerability
Benner ModernaNet is a diagnostic center application from Benner. A security vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions that stems from improper control of resource identifiers and could allow remote attacks...
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...
CVE-2025-1185
A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModalSensorGraph. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
ABB Cylon FLXeon 9.3.4 Default Credentials
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
ABB Cylon FLXeon 9.3.4 Default Credentials
ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...
CVE-2025-26364
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests...
CVE-2025-1173
A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file processusersdel.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2024-57587
Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allow remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login...
Mindskip xzs-mysql Security Vulnerability
Mindskip xzs-mysql is a Java + Vue exam system with separated front end and back end from Wuhan Mindskip Technology (Mindskip) in China. Its main advantages are simple and fast development and deployment, friendly interface design and clear code structure. Supports web end and WeChat small progra...
CVE-2021-26611
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP camera (reboot, factory reset, snapshot, etc.)...
CVE-2021-26263
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents...
CVE-2022-23768
This vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers can use this vulnerability to carry out attacks such as source code hijacking and remote control of the device...
CVE-2022-1083
A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customertypenumber/accountnumber/accountstatusnumber/accounttypenumber with the input ' and select fromselectsleep10Avx and 'abc' = 'abc leads to SQL injection in multiple...
CVE-2022-36301
BF-OS version 3.x up to and including 3.83 does not enforce strong passwords, which may allow a remote attacker to brute-force the device password...
CVE-2022-46415
DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send...