48 matches found
PT-2026-38648
Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getMember function in the backend endpoint when processing the cloudaccount argument. An attacker can execute code or manipulate application behavior by supplying crafted serialized data. Detail...
funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898 funadmin Backend Endpoint AuthCloudService.php getMember deserialization
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2026-2898
The CVE concerns funadmin up to 7.1.0-rc4, affecting the Backend Endpoint through the function getMember in app/common/service/AuthCloudService.php. The issue stems from deserialization triggered by manipulating the cloud_account argument, enabling a remote attack. The exploit is publicly availab...
FunAdmin 代码问题漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the cloudaccount parameter in the function getMember within the component’s Backen...
PT-2026-21403
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud account results in deserialization. The attack may be performed from...
EUVD-2017-17190
Malware in sbrugna...
EUVD-2018-7356
Malware in sbrugna...
EUVD-2025-16170
Malicious code in bioql PyPI...
EUVD-2025-16160
Malicious code in bioql PyPI...
CVE-2025-34066
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...
CVE-2025-45468
Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45471
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45472
Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45468
Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45471
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...
CVE-2025-45471
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account...