Frappe CRM SQL Injection Vulnerability
Frappe CRM is a full-featured customer relationship management system from Frappe Open Source. A SQL injection vulnerability exists in Frappe CRM version 1.53.1. It stems from a user-controlled parameter being unsafely concatenated into a dynamically built SQL statement, which could lead to SQL injection...
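The pattern the entry above describes, as an added example that is not Frappe's code and does not reproduce the reported flaw: a lookup whose filter value is formatted straight into the SQL text, beside the same lookup with a bound parameter. The table, column names and sample rows are constructed for the demonstration; an in-memory SQLite database stands in for the CRM's database.

```python
"""Added example (not Frappe CRM's code): string-built SQL versus a
parameterized query. Table, columns and rows below are constructed."""
import sqlite3

# Constructed sample data; the 'lead' table and its columns are assumptions.
SAMPLE_LEADS = [
    ("Acme Corp", "alice@acme.example", "open"),
    ("Globex", "bob@globex.example", "closed"),
    ("Initech", "carol@initech.example", "open"),
]

# A classic tautology payload supplied in place of a status value.
INJECTION = "open' OR '1'='1"


def build_db() -> sqlite3.Connection:
    """Create the stand-in database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lead (name TEXT, email TEXT, status TEXT)")
    conn.executemany("INSERT INTO lead VALUES (?, ?, ?)", SAMPLE_LEADS)
    return conn


def find_leads_vulnerable(conn: sqlite3.Connection, status: str) -> list:
    """The injection pattern: the user-controlled value becomes part of the
    SQL text, so quotes in the value change the statement's structure."""
    sql = f"SELECT name FROM lead WHERE status = '{status}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def find_leads_safe(conn: sqlite3.Connection, status: str) -> list:
    """The hardened form: the value travels as a bound parameter and is
    compared literally, quotes and all, never parsed as SQL."""
    sql = "SELECT name FROM lead WHERE status = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (status,))]


def demo() -> dict:
    """Run both variants with the payload and with a legitimate value."""
    conn = build_db()
    return {
        # The tautology widens the WHERE clause: every lead leaks.
        "vulnerable": find_leads_vulnerable(conn, INJECTION),
        # Same payload, bound as data: no status literally equals it.
        "safe": find_leads_safe(conn, INJECTION),
        # The parameterized query still works for real input.
        "legit": find_leads_safe(conn, "open"),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(f"{label}: {names}")
```

The vulnerable variant returns all three rows for the payload because the resulting statement reads `WHERE status = 'open' OR '1'='1'`; the parameterized variant returns nothing, since the database looks for a status whose text is literally `open' OR '1'='1`. Escaping quotes by hand is not an equivalent fix: it covers only the quoting context this payload happens to use.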
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988894)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988894 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. While reading sysctl_tcp_fwmark_accept, it c...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987146)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987146 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can b...
TOTOLINK A702R /boafrm/formIpQoS File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router manufactured by China's Gion Electronics (TOTOLINK), mainly used for home network connectivity and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the mac parameter in the file /boafrm/formIpQoS failing...
Linux kernel Security Vulnerability
Linux kernel is the kernel of the open-source Linux operating system, maintained by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a data race on an icmp sysctl variable...
CVE-2023-45576
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and...
D-Link DI-7003G Buffer Error Vulnerability
The D-Link DI-7003G is a wireless router from China-based D-Link. A security vulnerability exists in the D-Link DI-7003G that can be exploited to execute arbitrary code via the removeextproto/removeextport parameters of the upnpctrl.asp function...
CVE-2022-43396
In the fix for CVE-2022-24697, a blacklist is used to filter user-supplied commands, but it can be bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
GSD-2021-1001920 isdn: cpai: check ctr->cnr to avoid array index out of bound
isdn: cpai: check ctr->cnr to avoid array index out of bound. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.290 by commit...
Zebra_Form Library <= 2.9.8 - Reflected Cross-Site Scripting (XSS)
The Zebra_Form PHP library v2.9.8 (latest) and below, used by some WordPress plugins, is affected by reflected Cross-Site Scripting issues in its process.php file. There is currently no patch available and removal of this library is recommended. Via $_GET['form']: &control=upload" method="post"...
CVE-2008-5729
CVE-2008-5729 describes multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via three vectors: (1) the form and (2) the control parameters to FCKeditor/neditor.php, and (3) the path parameter...