CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QRCode.png in the publicly accessible WordPress uploads...

EUVD-2023-30333

Malicious code in bioql PyPI...

D-Link DNS-320 Remote Command Injection Vulnerability

The D-Link DNS-320 NAS-device is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

D-Link DNS-320 Remote Command Injection Vulnerability

The D-Link DNS-320 is a two-drive ShareCenter series NAS storage device. A remote command injection vulnerability exists in the loginmgr.cgi script in the D-Link DNS-320 2.05.B10 and earlier versions. A remote, unauthenticated attacker could exploit this vulnerability to access all application...

CVE-2019-16057

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection...

Bits Video Script 2.04/2.05 - &#039;/addvideo.php&#039; Arbitrary File Upload / Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the...