193 matches found
EUVD-2020-2958
Malware in sbrugna...
EUVD-2020-21348
Malware in sbrugna...
EUVD-2023-43509
Malicious code in bioql PyPI...
EUVD-2025-19506
Malicious code in bioql PyPI...
JVN#89505333: Multiple vulnerabilities in Active! mail
Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-52462 Cross-site request...
CVE-2025-36513
Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed...
CVE-2025-36513
CVE-2025-36513 is a CSRF vulnerability in i-PRO Co., Ltd. surveillance cameras. When a logged-in user views a crafted page, unintended operations may be performed. Affected products: i-PRO surveillance cameras (multiple models). Root cause: Cross-Site Request Forgery (CSRF, CWE-352). Impact: pote...
CVE-2025-36513
Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed...
CVE-2025-48046 MICI Network Co. Ltd. NetFax Server Disclosure of Stored Passwords in Cleartext
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint...
CVE-2025-48045 MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...
JVN#22348866: Active! mail vulnerable to stack-based buffer overflow
Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability has been observed. Impact Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead t...
CVE-2024-56968
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload...
Command Execution Vulnerability in Internet Behavior Management System of Beijing Tianrongxin Technology Co.
Ltd. is an information security product and service solution provider. A command execution vulnerability exists in the Internet behavior management system of Beijing Tianrongxin Technology Co., Ltd, which can be exploited by attackers to execute arbitrary commands...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-41929
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
CVE-2024-42905
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file...
Command Execution Vulnerability in Tianrongxin Internet Behavior Management System of Beijing Tianrongxin Technology Co. Ltd (CNVD-2024-37302)
Beijing Tianrongxin Technology Co., Ltd. is a solution provider of information security products and services in China. Beijing Tianrongxin Technology Co., Ltd Tianrongxin Internet behavior management system has a command execution vulnerability that can be exploited by attackers to gain control ...
SQL Injection Vulnerability in WisdomWater Business Charge Management System of New Day Technology Co. Ltd (CNVD-2024-36424)
Xintian Technology Co., Ltd. is an enterprise mainly engaged in the instrumentation manufacturing industry. A SQL injection vulnerability exists in the WisdomWater WisdomWater Business Charge Management System of Xintian Technology Co. Ltd. that can be exploited by attackers to obtain sensitive...
CVE-2024-31070
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly...
KingH5Stream of Beijing Asian Control Technology Development Co. Ltd. suffers from a logic flaw vulnerability (CNVD-2024-35270)
Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise founded in 1997 as a software platform for industrial automation and informatization. A logic flaw vulnerability exists in KingH5Stream of Beijing Asian Control Technology Development Co. Ltd, which can be exploited ...