
19 matches found

OSV
added yesterday · 4 views

DRUPAL-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.5 AI score
Exploits 0 · References 1

RedhatCVE
added 2026/04/27 7:23 p.m. · 1 view

CVE-2026-7044

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin=custom=themeadd. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only...

6.5 CVSS · 6.1 AI score · 0.00043 EPSS
Exploits 0 · References 1

Vulnrichment
added 2026/04/26 11:30 p.m. · 1 view

CVE-2026-7067 D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

7.5 CVSS · 7.1 AI score · 0.02481 EPSS
Exploits 1 · References 5

Vulnrichment
added 2026/04/26 1:15 p.m. · 2 views

CVE-2026-7043 GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5 CVSS · 6.2 AI score · 0.00043 EPSS
Exploits 0 · References 4

CVE
added 2026/03/24 3:32 a.m. · 7 views

CVE-2026-4627

CVE-2026-4627 concerns D-Link DIR-825 and DIR-825R (firmware 1.0.5/4.5.1) where the NTP Service’s function handler_update_system_time in libdeuteron_modules.so can lead to an OS command injection. The issue, remotely exploitable, arises in a component that is stated as affected; devices are noted...

8.6 CVSS · 6.7 AI score · 0.00368 EPSS
Exploits 0 · References 4

Vulnrichment
added 2026/03/24 3:32 a.m. · 2 views

CVE-2026-4627 D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only...

8.6 CVSS · 6.7 AI score · 0.00368 EPSS
Exploits 0 · References 4

CVE
added 2026/03/20 2:2 p.m. · 10 views

CVE-2026-4486

D-Link DIR-513 (firmware 1.10) Web Service: The formEasySetPassword function in /goform/formEasySetPassword is vulnerable. Manipulating the curTime argument leads to a stack-based buffer overflow, with remote access possible. The exploit is publicly available, and this affects products no longer ...

9 CVSS · 7.7 AI score · 0.00106 EPSS
Exploits 1 · References 7 · Affected Software 1

NVD
added 2026/01/28 2:16 a.m. · 3 views

CVE-2026-1505

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /settempnodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

8.6 CVSS · 0.00782 EPSS
Exploits 1 · References 5

CVE
added 2025/12/30 11:2 a.m. · 8 views

CVE-2025-15245

CVE-2025-15245 concerns D-Link DCS-850L firmware, version 1.02.09, in the Firmware Update Service’s uploadfirmware function. The issue is a path traversal caused by manipulating the DownloadFile argument. Exploitation requires local-network access, and public exploit code exists. The vulnerabilit...

5.1 CVSS · 6.2 AI score · 0.00105 EPSS
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2025/12/30 12:0 a.m. · 4 views

PT-2025-53922

Name of the Vulnerable Software and Affected Versions D-Link DCS-850L version 1.02.09 Description A flaw exists within the Firmware Update Service component, specifically in the uploadfirmware function. The issue stems from manipulating the DownloadFile argument, leading to a path traversal...

5.1 CVSS · 6.1 AI score · 0.00105 EPSS
Exploits 1 · References 9

OSV
added 2025/08/15 10:15 a.m. · 4 views

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

9.8 CVSS · 5.5 AI score
Exploits 0 · References 5

Github Security Blog
added 2024/06/12 3:31 p.m. · 17 views

Apache Submarine Commons Utils has a hard-coded secret

Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. If the user doesn't explicitly set submarine.auth.default.secret, a defaul...

9.8 CVSS · 9.4 AI score · 0.00221 EPSS
Exploits 0 · References 8 · Affected Software 1

OSV
added 2023/09/29 9:15 p.m. · 2 views

CVE-2023-5287

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admincontenttag.php?action=savecontent. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attac...

4.8 CVSS · 4 AI score · 0.00055 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/09/29 12:0 a.m. · 2 views

PT-2023-32008 · Beescms · Beescms

Name of the Vulnerable Software and Affected Versions: BEECMS version 4.0 Description: A vulnerability was found in BEECMS, affecting an unknown part of the file /admin/admin content tag.php?action=save content. The manipulation of the tag argument leads to cross-site scripting. It is possible to...

4.8 CVSS · 4 AI score · 0.00055 EPSS
Exploits 1 · References 9

OSV
added 2023/05/24 11:15 p.m. · 1 view

UBUNTU-CVE-2023-1601

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.8 AI score
Exploits 0 · References 3

OSV
added 2023/03/15 5:40 p.m. · 3 views

DRUPAL-CONTRIB-2023-011

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

6.6 AI score
Exploits 0 · References 1

ATTACKERKB
added 2022/06/23 5:15 p.m. · 1 view

CVE-2022-31361

Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

9.8 CVSS · 7.4 AI score · 0.00278 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2022/03/06 6:15 a.m. · 3 views

CVE-2021-46703

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8 CVSS · 8.1 AI score · 0.01421 EPSS
Exploits 2 · References 2

OSV
added 2022/01/25 6:39 p.m. · 1 view

DRUPAL-CONTRIB-2022-017

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

6.6 AI score
Exploits 0 · References 1