1440 matches found
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A SQL injection...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
GHSA-6X2M-W449-QWX7 Code Injection in CRI-O
Impact: A flaw was introduced in CRI-O version 1.19 that an attacker can use to bypass the safeguards and set arbitrary kernel parameters on the host. As a result, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the kernel.core_pattern kernel parameter ...
CVE-2022-21187
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
CVE-2022-24931
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission...
The vulnerability of HEVC Video Extensions relates to improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of HEVC Video Extensions is related to incorrect code generation management. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Siemens Mendix Security Feature Issue Vulnerability
Siemens Mendix is a low-code application development platform from Siemens, Germany. The platform provides application development, testing, deployment, and iteration capabilities. Siemens Mendix contains a security vulnerability that could be exploited by an attacker to retrieve information abou...
Code injection
UNSUPPORTED WHEN ASSIGNED: In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer...
Antaris RazorEngine Security Vulnerability
Antaris RazorEngine is an open source templating engine based on Microsoft's Razor parsing engine from Matthew Abbott, a personal developer in the U.K. Antaris RazorEngine contains a security vulnerability that could be exploited by attackers to execute arbitrary .NET code in a sandboxed...
The vulnerability of the embedded software of NETGEAR’s routers such as R8000, RAX200, R8000P, R7900P, RBR850, RBS850, and RBK852 lies in the lack of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of the embedded software of NETGEAR routers such as R8000, RAX200, R8000P, R7900P, RBR850, RBS850, and RBK852 lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...
The vulnerability of HEVC Video Extensions relates to improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of HEVC Video Extensions is related to incorrect code generation management. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Code injection
Potential vulnerabilities have been identified in UEFI firmware BIOS for some PC products which may allow escalation of privilege and arbitrary code execution...
CVE-2022-24587
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...
Superjson Code Injection Vulnerability
superjson is a superset that securely serializes JavaScript expressions to JSON. A code injection vulnerability exists in superjson that allows inputs to run arbitrary code on any server using superjson inputs without prior validation or knowledge. The only requirement is that the server implemen...
OS Command Injection in microweber/microweber
Description: OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...
PT-2022-1874
Name of the Vulnerable Software and Affected Versions: VP9 Video Extensions (affected versions not specified). Description: The issue is related to incorrect code generation management in the VP9 Video Extensions package. An attacker can exploit this by sending a specially crafted request, potentially...
D-Link Di-7200G Command Injection Vulnerability
D-Link Di-7200G is a gigabit enterprise router from China Youxun D-Link. D-Link DI-7200G V2.E1 v21.04.09E1 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the path parameter...
Tenda G1 and G3 Command Injection Vulnerability
The Tenda G1 and G3 are routers from the Chinese company Tenda. A command injection vulnerability exists in the Tenda G1 and G3 that can be exploited to execute arbitrary commands via the picname parameter...
CVE-2022-23871
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name, category, description parameters...