475 matches found
EUVD-2025-19724
Malicious code in bioql PyPI...
EUVD-2025-8729
Malicious code in bioql PyPI...
EUVD-2025-22308
Malicious code in bioql PyPI...
EUVD-2025-28371
Malicious code in bioql PyPI...
EUVD-2025-18998
Malicious code in bioql PyPI...
EUVD-2025-22298
Malicious code in bioql PyPI...
EUVD-2025-19331
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2015-1564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web...
CVE-2025-50428
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...
raspap-webgui security vulnerability
raspap-webgui is open-source wireless router setup software from RaspAP. A security vulnerability exists in raspap-webgui 3.3.2 and earlier versions, which stems from the hostapd.php script not sanitizing the interface parameter, which could lead to a command injection attack...
PT-2025-34904 · Unknown · Raspap Raspap-Webgui
Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui versions prior to 3.3.3 Description: A command injection issue exists in the includes/hostapd.php script due to improper sanitization of user input passed via the interface parameter. Recommendations: Update RaspAP...
CVE-2025-41702
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of a hard-coded cryptographic key...
CVE-2025-41702 egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of a hard-coded cryptographic key...
Security vulnerability in multiple Welotec products
Welotec EG400Mk2 series and Welotec EG500Mk2 series are a series of edge IoT computing gateways from Welotec, Germany. A security vulnerability exists in several Welotec products that stems from JWT keys hardcoded in the egOS WebGUI backend, which could lead to bypassing authentication and...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2025 CPU
Summary: WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
Exploit for CVE-2025-50428
CVE-2025-53472
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI...
CVE-2025-46267
Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI...