83 matches found
CGM CLININET 代码注入漏洞
CGM CLININET is a hospital information management system from German company CGM. A code injection vulnerability exists in CGM CLININET, which originates when a system function receives unauthenticated user input and could lead to the execution of arbitrary code...
CVE-2025-6025
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...
CVE-2025-6025
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...
CVE-2025-6025
CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities
Multiple vulnerabilities in the management and VPN web servers for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to stop responding or reload unexpectedly,...
CVE-2012-10044
MobileCartly 1.0 is affected by an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication/authorization before invoking file_put_contents() on attacker-controlled input, allowing an unauthenticated attacker to send crafted HTTP GET reques...
Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...
Apache HTTP Server 代码问题漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...
Red Hat Ansible Automation Platform 参数注入漏洞
Red Hat Ansible Automation Platform Red Hat AAP is a unified solution for enabling strategic automation from Red Hat USA. A parameter injection vulnerability exists in Red Hat Ansible Automation Platform that stems from an unauthenticated user-supplied Git URL, which could lead to command injecti...
Langroid 代码注入漏洞
Langroid is a Langroid open source tool for developing LLMs using multi-agent programming. A code injection vulnerability exists in Langroid versions prior to 0.53.15, which stems from TableChatAgent's use of pandas eval to process unauthenticated user input, which could lead to code injection...
CVE-2024-47407
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands...
Cohesive Networks VNS3 操作系统命令注入漏洞
Cohesive Networks VNS3 is a VPN Virtual Private Network solution from Cohesive Networks, Inc. Cohesive Networks VNS3 suffers from an operating system command injection vulnerability that stems from a lack of proper authentication before executing a system call using a user-supplied string. An...
Logpoint 安全漏洞
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0 that originates from an authenticated user entering unauthenticated input during EventHub Collector setup, which can lead to remote code execution...
WordPress plugin Crypto 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-25681 · Froxlor +1 · Froxlor +1
Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.1.9 Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated user can inject malicious scrip...
CVE-2023-34275
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...
Silicon Labs TrustZone Security Vulnerability
Silicon Labs TrustZone is a security software technology from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs TrustZone v4.3.x and earlier versions that originated from allowing unauthenticated input and can be exploited by an attacker to gain access to trusted memory from...
CVE-2023-40800
The compareparentcontroltime function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...
CVE-2023-40800
The compareparentcontroltime function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...
PT-2023-2647 · Oracle · Oracle Health Sciences Inform
Name of the Vulnerable Software and Affected Versions: Oracle Health Sciences InForm versions prior to 6.3.1.3 Oracle Health Sciences InForm versions prior to 7.0.0.1 Description: The issue is related to insufficient input validation in the Core component of Oracle Health Sciences InForm, allowin...