18 matches found
CVE-2026-8346 D-Link DIR-816 portForward command injection
A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...
PT-2026-29872
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get es data by http of the file backend/apps/db/es engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be...
CVE-2026-2530
A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack can be carried out remotely. The exploit has been made available to th...
EUVD-1999-1259
Malware in sbrugna...
EUVD-2015-8968
Malware in sbrugna...
EUVD-2015-8962
Malware in sbrugna...
EUVD-2025-29092
Malicious code in bioql PyPI...
CVE-2025-9769
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub478D28 of the file /mngplatform.asp. The manipulation of the argument addr with the input echo 12345 poc.txt results in command injection. An attack on the physical device is feasible. The exploit has...
PT-2025-22849 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall Demo up to 20250505
Description: A problematic vulnerability was found in the Buy Item Page component of Tmall Demo, allowing for cross-site scripting through the manipulation of the Detailed Address argument. This issue can be exploite...
PT-2024-38681 · Sourcecodester · Yoga Class Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Yoga Class Registration System version 1.0
Description: A problematic vulnerability has been found in the system, affecting an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the address...
PT-2024-37576 · Unknown · Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0
Description: A critical issue was found in the Tailoring Management System, affecting the file customeradd.php. The manipulation of the fullname, address, phonenumber, sex, email, city, and comment...
CVE-2024-1972
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely...
PT-2023-26297 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 1.0
Description: A critical issue has been found in the Hospital Management System, affecting the file patient.php. The manipulation of the address argument leads to sql injection, allowing remote attacks. T...
CVE-2023-2682
A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...
CVE-2022-46377
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs wh...
jenkins-git-client-plugin: OS command injection via 'git ls-remote'
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
Design/Logic Flaw
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the...
Null pointer dereference
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NUL...