5182 matches found
CVE-2021-22289
Improper Input Validation vulnerability in the project upload mechanism in B Automation Studio version =4.0 may allow an unauthenticated network attacker to execute code...
CVE-2020-24682
Unquoted Search Path or Element vulnerability in B Industrial Automation Automation Studio, B Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9....
WordPress B Slider- Gutenberg Slider Block for WP plugin <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation vulnerability
Authenticated Subscriber+ Missing Authorization to Arbitrary Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions = 1.1.30...
EUVD-2025-205664
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS Advisory. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems Update B CISA encourages users and administrators to...
CVE-2025-65837
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module. The connected documents consistently identify the vulnerable component as the Content Search feature and describe the root cause as an XSS vulnerability. Reported CVSS v3.1 base score is 5.4 (MEDIUM) w...
CVE-2025-65837
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting XSS in the Content Search module...
CVE-2025-65838
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method...
CVE-2025-13797
The CVE-2025-13797 issue affects ADSLR B-QE2W401 (version 250814-r037c). The vulnerable component is the function parameter del_swifimac in /send_order.cgi, where manipulation enables remote command injection. Exploitation is publicly available and vendor has not responded. No specific patch/vers...
CVE-2025-13797 ADSLR B-QE2W401 send_order.cgi parameterdel_swifimac command injection
A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdelswifimac of the file /sendorder.cgi. Performing manipulation of the argument delswifimac results in command injection. The attack is possible to be carried out remotely. The exploit is...
CVE-2025-13797 ADSLR B-QE2W401 send_order.cgi parameterdel_swifimac command injection
A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdelswifimac of the file /sendorder.cgi. Performing manipulation of the argument delswifimac results in command injection. The attack is possible to be carried out remotely. The exploit is...
PT-2025-48547
PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method...
PublicCMS 安全漏洞
PublicCMS is an open source content management system CMS written in Java language by PublicCMS China. A security vulnerability exists in PublicCMS version V5.202506.b, which originates from a cross-site request forgery in CkEditorAdminController...
ADSLR B-QE2W401 安全漏洞
The ADSLR B-QE2W401 is a wireless router from China's Flying Fish Star ADSLR. A security vulnerability exists in ADSLR B-QE2W401 version 250814-r037c, which stems from the incorrect operation of the parameter delswifimac in the file /sendorder.cgi, which could lead to command injection...
PT-2025-48400
Name of the Vulnerable Software and Affected Versions ADSLR B-QE2W401 version 250814-r037c Description A command injection issue exists in ADSLR B-QE2W401 250814-r037c. Manipulation of the del swifimac parameter within the /send order.cgi file can lead to command execution. This attack can be...
PublicCMS 安全漏洞
PublicCMS is an open source content management system CMS written in Java language by PublicCMS China. A security vulnerability exists in PublicCMS version V5.202506.b, which originates from a server-side request forgery in the SimpleAiAdminController chat interface...
CVE-2025-61167
SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...
EUVD-2025-143167
Malicious code in budi-memeq-b npm...
EUVD-2025-139405
Malicious code in nuilva-vmiam-b npm...
CVE-2025-32091
Incorrect default permissions in some firmware for the IntelR ArcTM B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may...