17 matches found
CVE-2026-36356
The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...
EUVD-2026-27151
A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udmnudmuecmhandleamfregistrationupdate of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manipulation leads to denial of service. The attack is possible to be...
PT-2025-41466
Name of the Vulnerable Software and Affected Versions Newforma Info Exchange affected versions not specified Description Newforma Info Exchange accepts serialized .NET data via the /remoteweb/remote.rem API endpoint without proper validation. This allows a remote, unauthenticated attacker to...
EUVD-2024-0023
Malicious code in bioql PyPI...
EUVD-2024-0959
Malicious code in bioql PyPI...
PT-2025-35092
Name of the Vulnerable Software and Affected Versions: D-Link DIR-868L B1 router firmware version FW2.05WWB02 Description: The D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The...
PT-2024-6467 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 20230719 Description: A critical issue has been found in the TOTOLINK X6000R, affecting the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to...
PT-2024-25229
Name of the Vulnerable Software and Affected Versions kubevirt versions 1.2.0 and earlier Description The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This can be done by sending a crafted command to the /kubevirt.io/kubevirt API...
PT-2024-2265 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetDeviceName function of the /goform/SetOnlineDevName file, leading to a stack-based buffer overflow when the devName or mac argument is manipulated. This can be...
PT-2023-27874 · Plixer · Plixer Scrutinizer
Name of the Vulnerable Software and Affected Versions: Plixer Scrutinizer versions prior to 19.3.1 Description: An issue was discovered in the /fcgi/scrut fcgi.fcgi endpoint. The csvExportReport endpoint action generateCSV does not require authentication, allowing an unauthenticated user to expor...
PT-2023-11500 · Unknown · Chaoji Cms
Name of the Vulnerable Software and Affected Versions: Chaoji CMS version 2.18 Description: A stored cross site scripting XSS issue allows attackers to execute arbitrary code via the "/index.php?admin-master-webset" API endpoint. This enables attackers to inject malicious scripts into the...
PT-2022-8681 · Optilink · Optilink Op-Xt71000N
Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP V3.3.1-191028 Description: A vulnerability allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to enable or disable ports and to chan...
PT-2022-18237 · Zbzcms · Zbzcms
Name of the Vulnerable Software and Affected Versions: zbzcms version 1.0 Description: The issue is related to incorrect access control at the /admin/run ajax.php endpoint, allowing attackers to add administrator accounts arbitrarily. Recommendations: For zbzcms version 1.0, as a temporary...
UBUNTU-CVE-2021-39884
In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project...
PT-2021-6290 · Adobe · Magento Commerce
Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.4.2 and earlier Magento Commerce versions 2.4.2-p1 and earlier Magento Commerce versions 2.3.7 and earlier Description: The issue exists due to insufficient input validation in the Magento Commerce platform, allowi...
Xiaomi Mi Router 3 Command Injection Vulnerability (CNVD-2018-24496)
Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A system command injection vulnerability exists in the wifiaccess endpoint in Xiaomi Mi Router 3 version 2.22.15. The vulnerability can be exploited to execute system commands with the 'timeout' URL parameter...
PT-2018-18906 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the egroup parameter to the "/uploads/dede/stepselect main.php" API endpoint, as code within the database is accessible to...