CVE-2020-37216

CVE-2020-37216 affects Hirschmann Industrial HiVision, specifically versions 08.1.03 before 08.1.04 and 08.2.00 . The issue is an untrusted search path vulnerability that lets local attackers execute arbitrary binaries by placing a malicious binary in the path of a configured external application...

Command Injection

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Command Injection in the app.moveToApplicationsFolder function on macOS when handling application bundle...

CVE-2026-3021

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

EUVD-2005-4363

Malware in sbrugna...

EUVD-2005-4368

Malware in sbrugna...

EUVD-2005-4341

Malware in sbrugna...

EUVD-2020-3941

Malware in sbrugna...

EUVD-2024-47630

Malicious code in bioql PyPI...

EUVD-2024-47619

Malicious code in bioql PyPI...

EUVD-2024-47645

Malicious code in bioql PyPI...

CVE-2024-7411

The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to...

CVE-2024-6569

The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and displayerrors being enabled. This makes it possible for...

CVE-2024-13536

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retriev...

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

CVE-2020-11591

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name...

CVE-2025-2578

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall' function. This makes it possible for unauthenticated attackers to retrieve the full path of the web...

Cybele Software Thinfinity Workspace 安全漏洞

Cybele Software Thinfinity Workspace is an integrated solution for virtualizing applications, desktops, data and accessing any host from a unified portal from Cybele Software, USA. A security vulnerability exists in Cybele Software Thinfinity Workspace prior to v7.0.2.113, which stems from a full...

WordPress plugin Amelia 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Shenzhen Libituo Technology LBT-T300-mini 安全漏洞

The Shenzhen Libituo Technology LBT-T300-mini is a mini-plug-in router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-mini v1.2.9, which is caused by a buffer overflow in the pincode3g parameter in /apply.cgi...

openBI Code Issues Vulnerabilities

openBI is a big data visualization solution from openBI. A code issue vulnerability exists in openBI prior to version 1.0.8, which stems from a problem in the index function of the /application/plugins/controller/Upload.php file, which could lead to unrestricted file uploads...