VulnCheck KEV: CVE-2021-25281
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
MiracleLinux 3 : samba-3.0.24-10AX (AXSA:2008-78:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-78:02 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and printers...
MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.5-2.2.1.AXS4 (AXSA:2012-909:02)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-909:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2012-0547 Unspecified vulnerability in the Java Runtime Environment (JRE)...
MiracleLinux 3 : lynx-2.8.5-28.1.1.1AXS3 (AXSA:2008-523:02)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-523:02 advisory. Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx...
MiracleLinux 3 : lynx-2.8.5-28.1.1.1AXS3 (AXSA:2008-473:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-473:01 advisory. Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx...
MiracleLinux 3 : vim-7.0.109-4.4z.1AXS3 (AXSA:2008-498:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-498:01 advisory. VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very...
CVE-2023-54329
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload t...
CVE-2025-52694
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...
CVE-2026-20950 Microsoft Excel Remote Code Execution Vulnerability
...
CVE-2026-0500 Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)
Due to the usage of a vulnerable third-party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public-facing URL. When a victim clicks on the URL the accessed Wily Introscope...
4images code injection vulnerability
4images is an image management system from the German company 4images. A code injection vulnerability exists in 4images version 1.9, which stems from a remote command execution vulnerability in the template editing feature that could lead to the execution of arbitrary commands...
NanoCMS code injection vulnerability
NanoCMS is a lightweight content management system by individual developer kalyan02. A code injection vulnerability exists in NanoCMS version 0.4, which stems from an unauthenticated file upload vulnerability in the page content creation feature that could lead to remote code execution...
CVE-2025-52694
CVE-2025-52694 affects Advantech WISE-IoTSuite/SaaS Composer with an unauthenticated SQL Injection in the filename parameter of the URL path, using unsafe PostgreSQL queries. The Nuclei template details the vulnerable endpoint (displays/{filename}.json?org_id=) and notes that an attacker can inje...
CVE-2025-66802
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell PHP into the imagem of the user, enabling RCE...
EUVD-2026-1912
A SQL injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...
PT-2026-2042
Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0. Description: A security flaw exists in code-projects Online Music Site 1.0. The issue involves a SQL injection impacting an unknown function within the file /Administrator/PHP/AdminUpdateUser.php...
CVE-2026-0837 UTT 进取 520W formFireWall strcpy buffer overflow
A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor...
CVE-2025-46645
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralizatio...
CVE-2014-4305
Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2005-1128
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries...