21 matches found
CVE-2021-28936
The Acexy Wireless-N WiFi Repeater REV 1.0 28.08.06.1 Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default: admin), whereas no previous authentication is required...
CVE-2025-65030 Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...
EUVD-2018-4453
Malware in sbrugna...
EUVD-2023-56347
Malicious code in bioql PyPI...
EUVD-2024-44238
Malicious code in bioql PyPI...
EUVD-2022-25876
Malicious code in bioql PyPI...
CVE-2025-5829
Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers...
CVE-2025-1051
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-23971
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from...
CVE-2025-46628
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed...
CVE-2025-24797
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...
CVE-2024-39602
CVE-2024-39602 affects WAVLINK AC3000 M33A8.V5030.210505. The vulnerability is in nas.cgi set_nas(), where insufficient input handling allows an authenticated HTTP request to trigger arbitrary command execution via the set_nas flow (external config control). TALOS CVE details indicate a high-seve...
Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the getWidgetPoolManager function. The issue results from the lack of proper validation...
PT-2023-22251 · Plainware · Plainware Shiftcontroller Employee Shift Scheduling
Name of the Vulnerable Software and Affected Versions: Plainware ShiftController Employee Shift Scheduling plugin versions = 4.9.23 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects...
CVE-2023-1065
This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploi...
CVE-2022-1838 Home Clean Services Management System login.php sql injection
A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP5JPeh//AND//'frfq%'='frfq leads to sql...
LinkNet LW-N605R 12.20.2.1486 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Title: LW-N605R 12.20.2.1486 - Remote Code Execution Author: Nassim Asrir Vendor: LINK-NET Product Link: http://linknet-usa.com/main/productinfo.php?productsid=35&language=es Firmware version: 12.20.2.1486 CVE: N/A Description: LW-N605R...
OCS Inventory NG Server 1.2.1 SQL Injection
OCS Inventory NG Server 1.2.1 Details: The Open Computer and Software (OCS) Inventory Next Generation (NG) provides relevant inventory information about system configurations and software on the network. Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1 Found by : Guilherme Marinheiro...
Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure
Team SHATTER Security Advisory IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server. Remotely exploitable: Yes Authentication to Database Server is...
Cheops NG without password
The remote service does not require a password for access. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...