EUVD-2026-37719

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

CVE-2023-51701

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with @fastify/reply-from could misinterpret the incoming body by passing an header ContentType: application/json ; charset=utf-8. This can lead to bypass of security checks...

程氏舞曲CMS最新php版本多处sql注入漏洞

简要描述： 操蛋捏。 详细说明： 昨天刚下载的，2.16号更新的版本。 第一处在管理后台：https://images.seebug.org/upload/app/controllers/admin/news.php第66行 public function so $key = $this-input-get'key';//使用get方式获取相关参数，没做处理 $user = $this-input-get'user'; $cid = $this-input-get'cid'; $page = $this-input-get'page'; ifempty$page $page=1;...

Directory traversal

Directory traversal vulnerability in the usergetprofile function in include/functions.inc.php in Coppermine Photo Gallery CPG 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang part of serialized data in...