27 matches found
Pretty Url <= 1.5.4 - Cross-Site Scripting
The plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). id: CVE-2023-2009 info: name: Pretty Url = 1.5.4 -...
CVE-2021-22405
There is a configuration defect in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability...
CVE-2024-39799
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
EUVD-2020-4786
Malware in sbrugna...
EUVD-2000-1044
Malware in sbrugna...
EUVD-2023-51345
Malicious code in bioql PyPI...
EUVD-2022-5551
Malicious code in bioql PyPI...
EUVD-2024-45747
Malicious code in bioql PyPI...
EUVD-2024-38380
Malicious code in bioql PyPI...
EUVD-2024-38384
Malicious code in bioql PyPI...
CVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...
GHSA-Q4XQ-445G-G6CH vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-operator, keycloak-fips, keycloak-config-cli...
Tenda W18E SetQuickcfgWifianDlogin Function Access Control Error Vulnerability
The Tenda W18E is a wireless router from the Chinese company Tenda. An access control error vulnerability exists in the Tenda W18E version 16.01.0.81625, which stems from a faulty access control in the SetQuickcfgWifianDlogin function, and can be exploited by an attacker to make unauthorized...
CVE-2020-15082
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6...
CVE-2024-51542
Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-39795
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...
Wavlink AC3000 nas.cgi set_ftp_cfg() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2056: Wavlink AC3000 nas.cgi set_ftp_cfg() Configuration Control Vulnerabilities. January 14, 2025. CVE Number: CVE-2024-39788, CVE-2024-39790, CVE-2024-39789. SUMMARY: Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavli...
GHSA-XMMM-JW76-Q7VG vulnerabilities
Vulnerabilities for packages: keycloak-config-cli...
Advisory ROSA-SA-2024-2393
Software: runc 1.0.0 OS: rosa-server79 packageevrstring: runc-1.0.0.0-70.rc10.res7 CVE-ID: CVE-2019-19921 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: runc has improper access control leading to elevated privileges associated with libcontainer/rootfs_linux.go. To exploit this, an attacker must be able t...
SUSE-SU-2022:1254-1 Security update for zabbix
This update for zabbix fixes the following issues: - CVE-2022-24349: Fixed a reflected XSS in the action configuration window bsc1196944. - CVE-2022-24917: Fixed a reflected XSS in the service configuration window bsc1196945. - CVE-2022-24918: Fixed a reflected XSS in the item configuration windo...