CVE-2026-35518
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...
CVE-2019-25587
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...
CVE-2026-28517
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...
CVE-2025-70828
CVE-2025-70828 affects Datart v1.0.0-rc.3 via the url parameter in the JDBC configuration, enabling arbitrary code execution. The entry notes an exploitation PoC and the overall impact, but gives no concrete root-cause details, affected components, or versions beyond the ve...
CVE-2026-2120
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...
CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...
D-Link DIR-823X Operating System Command Injection Vulnerability
The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has an operating system command injection vulnerability. This vulnerability stems from improper handling of the parameters terminaladdr/serverip/serverport in the Configuration...
CVE-2025-13852
The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configuration' parameter of the leadform shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13852
CVE-2025-13852 : Debt.com Business in a Box (WordPress) is vulnerable to Stored XSS via the configuration parameter of the lead_form shortcode in all versions up to 4.1.0. Root cause: insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor le...
CVE-2025-13852 Debt.com Business in a Box <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configuration' parameter of the leadform shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2017-3920
Malware in sbrugna...
EUVD-2019-17781
Malware in sbrugna...
EUVD-2000-0446
Malware in sbrugna...
EUVD-2022-38750
Malicious code in bioql PyPI...
EUVD-2022-24359
Malicious code in bioql PyPI...
EUVD-2021-28311
Malicious code in bioql PyPI...
MotionEye Security Vulnerability
motionEye is an open source web front-end for the motion daemon. A security vulnerability exists in MotionEye v0.43.1b4 and earlier versions, which stems from a configuration parameter that is not sanitised against user input and could lead to an OS command injection attack...
CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution (RCE) via the Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
GHSA-M43G-M425-P68X junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener
Summary: This vulnerability affects JUnit's support for writing Open Test Reporting XML files, which is an opt-in feature of junit-platform-reporting. If a repository is cloned using a GitHub token or other credentials in its URL, for example `git clone...`
CVE-2022-1009
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin ...