21 matches found
JeecgBoot Access Control Error Vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability caused by improper handling of unknown functions in the /sys/comment/add file. This vulnerability may lead t...
Besen BS20 EV Charging Station Security Vulnerability
The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, contains security vulnerabilities. These vulnerabilities stem from improper operation ...
goclaw Security Vulnerability
Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.8.5 and earlier have security vulnerabilities, which stem from unknown functions in the RPC Handler component, potentially leading to improper authorization...
ComfyUI Security Vulnerability
ComfyUI is the most powerful and modular diffusion model GUI and backend, developed by the individual developer comfyanonymous. Versions of ComfyUI prior to 0.13.0 contain security vulnerabilities, which stem from improper handling of unknown functions in the file server.py. These vulnerabilities could lead to...
Personal AI Infrastructure OS Command Injection Vulnerability
Personal AI Infrastructure is a personal AI infrastructure building tool developed by Daniel Miessler as a personal project. Versions of Personal AI Infrastructure prior to 2.3.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper...
WeKan Security Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained security vulnerabilities. These vulnerabilities were caused by operations on unknown functions in the file server/methods/positionHistory.js, resulting in a lack of authorization...
Hotel-Management-services-using-MYSQL-and-php Code Injection Vulnerability
Hotel-Management-services-using-MYSQL-and-php is a hotel management system by the individual developer Alok .S. Jaiswal. A code injection vulnerability exists in Hotel-Management-services-using-MYSQL-and-php that stems from improper handling of unknown functions in the file /usersub.php, which...
TOZED ZLT T10 Security Vulnerability
TOZED ZLT T10 is a wireless router from China Tongze Kangwei TOZED. A security vulnerability exists in the TOZED ZLT T10 T10PLUS3.04.15 version, which stems from improper handling of unknown functions in the file /reqproc/procpost, which could lead to a denial of service...
i-Educar Access Control Error Vulnerability
i-Educar is a free educational software from Portábilis Open Source. An access control error vulnerability exists in i-Educar version 2.10 and earlier, which stems from improper access control of unknown functions in the file /enrollment-history/, which could lead to a remote attack...
Fuzzy matching with Ghidra BSim, a guide
TL;DR BSim, Ghidra’s new built-in plugin, is a game-changer for reversing firmware and other stripped binaries. Rapidly identify and annotate functions from known libraries. Fuzzy matching works with unknowns, like exact library versions and compiler options. Automatically define custom variable...
Smart Office Security Vulnerability
Smart Office is an office application. A security vulnerability exists in Smart Office, which stems from unknown functions in Main.aspx that result in weak passwords via specific parameters...
Apollo Authorization Issues Vulnerabilities
Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is intended to provide a web-based interface for students to upload course assignments. An authorization issue vulnerability exists in Apollo versions 2.0.0 and 2.0.1, which stems from the inclusion of unknown functions in...
WordPress Plugin PlusCaptcha Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Viessmann Vitogate Security Breach
Viessmann Vitogate is an intelligent control system from Viessmann. A security vulnerability exists in Viessmann Vitogate versions 300 through 2.1.3.0, which stems from the presence of some unknown functions in /cgi-bin/, resulting in a direct request...
NextBX QWAlerter Code Issue Vulnerability
NextBX QWAlerter is an application from NextBX Corporation. A code issue vulnerability exists in NextBX QWAlerter version 4.50, which stems from the presence of some unknown functions in QWAlerter.exe that result in unquoted search paths...
phpscriptpoint Lawyer Cross-Site Scripting Vulnerability
Lawyer is a legal and attorney website by the phpscriptpoint team. A cross-site scripting vulnerability exists in phpscriptpoint Lawyer version 1.6, which stems from the presence of some unknown functions in page.php that lead to cross-site scripting...
Lawyer Cross-Site Scripting Vulnerability
Lawyer is a legal and lawyer website by the phpscriptpoint team. A cross-site scripting vulnerability exists in phpscriptpoint Lawyer version 1.6, which stems from the presence of some unknown functions in search.php that lead to cross-site scripting...
Insurance Cross-Site Scripting Vulnerability
Insurance is a responsive business and insurance related web content management system (CMS) from the phpscriptpoint team. A cross-site scripting vulnerability exists in Insurance version 1.2, which stems from the inclusion of unknown functions in the file page.php, resulting in cross-site scriptin...
HotCRP Conference Review Software Cross-Site Scripting Vulnerability
HotCRP Conference Review Software is software by Eddie Kohler, an individual developer. It is used to manage the review process, especially for academic conferences. HotCRP Conference Review Software suffers from a cross-site scripting vulnerability that originates from the presence of cross-site...
Venganzas del Pasado Cross-Site Scripting Vulnerability
Venganzas del Pasado is the source code for a website by Juan Schwindt, an individual developer. Venganzas del Pasado suffers from a cross-site scripting vulnerability that stems from the title parameter of several of its unknown functions that allows an attacker to implement cross-site scripting...