Visitor Management System front.php File SQL Injection Vulnerability
Visitor Management System is a visitor access management system. The Visitor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /front.php. An attacker can exploit this...
Remote Code Execution (RCE)
ms-swift is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper output neutralization for logs because malicious input passed into the train method is concatenated into shell commands, allowing arbitrary command execution...
Tenda AC20 Injection Vulnerability
The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a command injection vulnerability that originates from the websFormDefine function in the /goform/telnet file failing to properly filter special characters, commands, etc. used to construct commands. This...
Huawei EnzoH OS Command Injection Vulnerability (CNVD-2025-23594)
Huawei EnzoH is a wireless access device from Huawei, China. Huawei EnzoH suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2025-22717)
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to cause arbitrary commands to be...
Linux Distros Unpatched Vulnerability : CVE-2022-1729
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition was found in the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug allows to build...
CVE-2024-58255
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution...
CVE-2024-58256
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution...
TOTOLINK N600R Security Vulnerability
TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz bands to work concurrently, with a maximum wireless transmission rate of up to 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that stems from the pin...
AutoGPT Authorization Issue Vulnerability
AutoGPT is a tool from AutoGPT Open Source, used to make accessible AI available and buildable for everyone. An authorization issue vulnerability exists in AutoGPT v0.6.15 and prior versions, which stems from an authorization bypass that could lead to accessing arbitrary execution results...
CVE-2025-5038
A maliciously crafted XT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2025-46410
A cross-site scripting (XSS) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to...
CVE-2025-53084
A cross-site scripting (XSS) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerabili...
CVE-2025-41420
A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-50481
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...
DJ-Extensions DJ-Flyer SQL Injection Vulnerability
DJ-Extensions DJ-Flyer is a showcase project or service profile extension from DJ-Extensions, Inc. A SQL injection vulnerability exists in DJ-Extensions DJ-Flyer versions 1.0-3.2 that could lead to the execution of arbitrary SQL commands...
CVE-2025-50481
Mezzanine CMS v6.1.0 contains a stored XSS vulnerability in the /blog/blogpost/add component. The root cause is insufficient input validation that allows injecting crafted payloads into blog posts to execute arbitrary scripts. Exploit activity is evidenced in exploit databases (e.g., Exploit-DB, ...
Adobe ColdFusion Operating System Command Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, USA. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an operating system command injection vulnerability that stems from the...
TOTOLINK N300RB Command Injection Vulnerability
The TOTOLINK N300R is a wireless router for home and small office scenarios from Korean networking brand TOTOLINK. The TOTOLINK N300RB suffers from a command injection vulnerability that originates from the remote support feature of static key protection, which can be exploited by an attacker to...
CVE-2025-49834
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_denoise function. denoise_inp_dir and denoise_opt_dir take user input, which is passed to the open_denoise function, which concatenates the user...