Kimai's Twig function config() leaks server-wide secrets (LDAP bind password, SAML SP private key) via invoice/export templates
Summary: Kimai's Twig sandbox StrictPolicy, used for admin-uploaded invoice and export templates, allow-lists the config Twig function with no key filtering. config($name) delegates to App\Configuration\SystemConfiguration::find($name), which returns arbitrary entries from the flattened kimai.config...
CVE-2026-3696
A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...
ROS-20260304-73-0015
A vulnerability in the cscfgcsdevenableactiveconfig function of the Linux kernel is related to memory usage after memory is freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception via the restoreConfig function. An attacker can overwrite arbitrary files on the host system and cause permanent data loss by providing a maliciously crafted ZIP archive containing traversal paths and insufficient...
PT-2026-6684
Name of the Vulnerable Software and Affected Versions DCN DCME-320 versions up to 20260121 Description A flaw exists in the Web Management Backend component of DCN DCME-320. Specifically, manipulating the ip list argument within the apply config function of the /function/system/basic/bridge cfg.p...
CVE-2025-70303
A heap overflow in the uncv_parse_config function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...
CVE-2025-14926 Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...
Prototype Pollution
spmrc is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the set and config functions, which allows an attacker to supply a crafted payload to inject properties on Object.prototype, leading to denial of service (DoS) or other unexpected behaviors...
EUVD-2020-11457
Malware in sbrugna...
EUVD-2022-41409
Malicious code in bioql PyPI...
CVE-2025-57327
spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config functions of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum...
CVE-2025-57327
CVE-2025-57327 affects the spmrc package (rc manager for spm) and describes a Prototype Pollution vulnerability in the set and config functions. The vulnerability lets an attacker inject properties into Object.prototype via a crafted payload, with the minimum consequence being Denial of Service. ...
spmrc security vulnerability
spmrc is an open source spmrc management library from Static Package Manager. A security vulnerability exists in spmrc 1.2.0 and earlier versions, stemming from prototype pollution in the set and config functions, which allows an attacker to inject properties via a specially crafted payloa...
PT-2025-34611 · D Link · Dsl-7740C
Name of the Vulnerable Software and Affected Versions: D-Link DSL-7740C version DSL7740C.V6.TR069.20211230 Description: An incorrect access control issue exists in the config.xgi function of the device. This allows attackers to download the configuration file by submitting a crafted web request...
CVE-2020-19553
Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php...
CVE-2019-14266
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php...
PT-2026-3089
Name of the Vulnerable Software and Affected Versions: GPAC version 2.4.0 Description: A heap overflow exists in the uncv_parse_config function. This issue can be triggered by processing a specially crafted MP4 file, potentially leading to a Denial of Service (DoS). Recommendations: Update to a newer...
PT-2024-28627 · Bert-Vits · Bert-Vits
Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue is related to the data dir variable, where user input is concatenated with other folders and used to open a new file in the generate config function, leading to a limited file write...
CVE-2024-38998
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
PT-2024-28313
Name of the Vulnerable Software and Affected Versions: requirejs version 2.3.6 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the config function. Recommendations: Fo...