PT-2026-27779
Name of the Vulnerable Software and Affected Versions: N2W versions prior to 4.3.2; N2W version 4.4.0. Description: Improper validation of API request parameters can allow for remote code execution. Recommendations: Update N2W to a version newer than 4.3.2. Update N2W to a version newer than 4.4.0...
EUVD-2021-9546
Malicious code in bioql PyPI...
Tenda O6 Security Vulnerability
Tenda O6 is a wireless bridge from Tenda, China. Tenda O6 version 1.0.0.7 suffers from a buffer overflow vulnerability, which originates from the parameter ip/localPort/publicPort/app of the fromVirtualSet function of file /goform/setPortForward fails to properly validate the length and size of t...
Tenda O3 Security Vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. A security vulnerability exists in the Tenda O3, which stems from a stack-based buffer overflow due to manipulation of the ip/localPort/publicPort/app parameter in the fromVirtualSet function. No details of the vulnerability are available...
PT-2024-13678 · Unknown · Kiuwan Sast
Name of the Vulnerable Software and Affected Versions: Kiuwan SAST version Description: The issue concerns an API endpoint "/saas/rest/v1/info/application" that allows access to information about any application, using the application parameter. This endpoint lacks proper access control, enabling...
CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to exploit an application parameter during execution of the Save Report...
CVE-2023-37528 A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to exploit an application parameter during execution of the Save Report...
CVE-2024-1033
A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotel...
WordPress plugin AnyComment Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An input validation error vulnerability...
phpCheckZ 1.1.0 - Blind SQL Injection Vulnerability
No description provided by source. phpCheckZ 1.1.0 Blind SQL Injection Vulnerability. Name: phpCheckZ. Vendor: http://www.phpcheckz.com. Versions Affected: 1.1.0. Author: Salvatore Fresta aka Drosophila. Website: http://www.salvatorefresta.net. Contact: salvatorefresta at gmail dot com. Date: 2010-10-19. X. IND...
Automated NoSQL Database Injection Attacks: NoSQLMap
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...