103 matches found
PT-2026-35923
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...
VulnCheck KEV: CVE-2022-31208
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...
CVE-2025-50402
FAST FAC1200R F400FAC1200RQ is vulnerable to Buffer Overflow in the function sub80435780 via the parameter string facpassword...
PT-2025-48152
Name of the Vulnerable Software and Affected Versions: FAST FAC1200R F400 FAC1200R Q (affected versions not specified) Description: The FAST FAC1200R F400 FAC1200R Q is susceptible to a buffer overflow condition. This occurs in the sub 80435780 function through the fac password parameter. The...
Eval Injection
Overview: litdb is a literature database tool with GPT integration. Affected versions of this package are vulnerable to Eval Injection via the parseschemadsl function in the extract.py file, which unsafely uses the eval function. This allows an attacker to execute arbitrary Python code on the...
EUVD-2020-0489
Malware in sbrugna...
EUVD-2016-9426
Malware in sbrugna...
EUVD-2022-2142
Malicious code in bioql PyPI...
EUVD-2025-12096
Malicious code in bioql PyPI...
CVE-2025-57086
Tenda W30E V16.01.0.19 5037 was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
Tenda W30E Security Vulnerability
Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability that originates from the failure of the String parameter in the formDeleteMeshNode function to...
CVE-2025-55589
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...
PT-2025-34143 · Elunez · Elunez Eladmin
Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A vulnerability exists in the EncryptUtils function within the DES Key Handler component of elunez eladmin. Manipulation of the STR PARAM argument with the input Passw0rd results in inadequate...
WeGIA Denial of Service Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a denial of service vulnerability that stems from the length of the errorstr parameter not being validated, which can be exploited by an attacker to cause a denial of service...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An open redirect vulnerability exists in Mozilla Firefox for Android, which can be exploited by an attacker to conduct a phishing attack by opening a link to the URL specified in the query string...
CVE-2022-30962
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
WordPress plugin Verowa Connect Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
kernel: of: module: prevent NULL pointer dereference in vsnprintf()
A null pointer dereference vulnerability was found in vsnprintf when str and len parameters are passed to vsnprintf, which only allows passing a NULL ptr when the length is 0. This issue can result in a crash and damage to availability...
CVE-2024-38959
CVE-2024-38959 is a cross-site scripting vulnerability in Creativeitem Academy LMS Learning Management System v6.8.1. The issue affects the handling of a string parameter, enabling a remote attacker to execute arbitrary code and access sensitive information. The description across multiple tru...
Astrotalks SQL Injection Vulnerability
Astrotalks is a free online astrology prediction website from Astrotalks India. A SQL injection vulnerability exists in Astrotalks version 10/03/2023. An attacker can exploit the vulnerability by sending a specially crafted SQL query to the "searchString" parameter and retrieve all the informatio...