Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly open-source self-hosted WebUI. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the chat completion API, where tool IDs and server parameters were provided by users witho...
EUVD-2021-32454
Malicious code in bioql PyPI...
vul-37
AgentUniverse MCP Command Injection Vulnerability Report S...
CVE-2025-43928
In Infodraw Media Relay Service MRS 7.1.0.0, the MRS web server on port 12654 allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing...
Tenda AC7 Security Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which is caused by improper handling of the pptpserverstartip/pptpserverendip parameters in the formSetPPTPServer function in the /goform/SetPptpServerCfg file...
PT-2025-7115 · Tp Link · Tp-Link Tl-Wr841Nd
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841ND version V11 Description: A buffer overflow issue was discovered, triggered by the dnsserver1 and dnsserver2 parameters at the "/userRpm/WanSlaacCfgRpm.htm" API endpoint. This allows attackers to cause a Denial of Service Do...
PT-2025-1028
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N versions 3.16.9 and earlier Description: The issue is related to a buffer overflow in the handling of the dnsserver1 and dnsserver2 parameters at the "/userRpm/Wan6to4TunnelCfgRpm.htm" API endpoint. This allows an authenticate...
OESA-2023-1696 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted...
CVE-2021-45736
TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters...
Stack overflow
TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters...
CVE-2021-22721
A CWE-200: Information Exposure vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker to get...
Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability (CNVD-2017-36128)
Cisco WebEx Meeting Center is a WebEx meeting solution in the online meeting product line of Cisco, a United States company. The product invites others to join the meeting via e-mail or instant messaging (IM), and supports online product demonstrations, information sharing, and mor...
Hacker hits the Embassy of Indonesia in Hungary
Hacker Hits the Embassy of Indonesia in Hungary. A hacker from Team thec7crew today claims to have hacked the official website of the Embassy of Indonesia in Hungary. The hacker hacked the database of the site and also exposed various server parameters on Pastebin. The database name is mentioned as "indone01web" - There are 30 tables a...
The Wind God news management static version 1.7 vulnerability - vulnerability warning - the black bar safety net
Publishing author: LinkEr Affected versions: V1.7 static version Official website: Vulnerability type: design flaw Vulnerability Description: Multiple vulnerabilities exist in the Wind God news management static version 1.7. 1.1 The background verification file wwwroot/admin/islogin.asp...
Trend Micro HouseCall ActiveX control does not adequately validate update server parameters
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll includes an update feature. A web page hosting...
Avahi privilege escalation
Insufficient validation of Netlink parameters allows manipulation of server parameters...