26 matches found
Plane Security Vulnerability
Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane 1.3.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from SavedAnalyticEndpoint directly passing user-controlled segment parameters into Django F expressions...
CVE-2023-40802
The getparentControllistInfo function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45cn...
CVE-2025-61318
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...
D-Link DIR-878 Security Vulnerability
The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 that stems from unverified IPAddress and SubnetMask parameters in the SetNetworkSettings function, which could lead to remote command execution...
EUVD-2025-31066
Malicious code in bioql PyPI...
EUVD-2023-45353
Malicious code in bioql PyPI...
Llama Stack could potentially allow for remote code execution
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
GHSA-X75H-M6JJ-6CJ2 Llama Stack could potentially allow for remote code execution
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
Cross-site Scripting (XSS)
Overview: llama-stack is a Llama Stack. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the resolveastbytype function. An attacker can modify application behavior or execute unauthorized actions by supplying unverified parameters. Details: Cross-site scripting or XSS...
CVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
PT-2025-39321
Name of the Vulnerable Software and Affected Versions: Llama Stack versions prior to 0.2.20. Description: The software accepts unverified parameters in the resolve ast by type function, which may allow for remote code execution. Recommendations: Update to version 0.2.20 or later...
CPUID CPU-Z Security Vulnerability
CPUID CPU-Z is a system hardware information detection tool from CPUID. A security vulnerability exists in CPUID CPU-Z version 1.0.5.4, which stems from unverified parameters allowing modification of MSRLSTAR and hooking of KiSystemCall64...
CVE-2023-52104
Vulnerability of parameters not being verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...
Design/Logic Flaw
Vulnerability of parameters not being verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52102
Vulnerability of parameters not being verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality...
PT-2024-14399 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a vulnerability where parameters are not verified in the WMS module. Successful exploitation of this vulnerability may affect service...
WithSecure products Cross-site Scripting Vulnerability
WithSecure products is a series of security software from the Finnish company WithSecure. A cross-site scripting vulnerability exists in WithSecure Policy Manager version 15, which stems from allowing XSS via unverified parameters in an endpoint...