128 matches found
CVE-2026-40525
OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...
EUVD-2003-0360
Malware in sbrugna...
EUVD-2022-0881
Malicious code in bioql PyPI...
CVE-2019-1010147
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...
Command Execution Vulnerability in Tianqing Hanma USG Firewall of Beijing Qixing Information Security Technology Co.
Tianqing Hanma USG Firewall is a new firewall series product launched by Qixing. There is a command execution vulnerability in Tianqing Hanma USG Firewall, which can be exploited by attackers to obtain server control privileges...
File Upload Vulnerability in DSS of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the DSS of Zhejiang Dahua Technology Co. Ltd, which can be exploited by an attacker to gain server control privileges...
Huawei HarmonyOS HwAirlink Module Buffer Overflow Vulnerability
Huawei HarmonyOS is an operating system from Huawei China Inc. Huawei HarmonyOS version 2.0, 2.1 is vulnerable to a buffer overflow vulnerability that stems from a boundary error in the handling of untrusted input by the HwAirlink module. An attacker could exploit the vulnerability to gain proces...
CVE-2022-29501
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution...
CVE-2021-44892
A Remote Code Execution RCE vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
CVE-2021-44892
A Remote Code Execution RCE vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
Remote code execution
A Remote Code Execution RCE vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
CVE-2021-44892
A Remote Code Execution RCE vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
Damon database management system has a file upload vulnerability
Damon Database Management System is a centralized management platform to monitor, manage and maintain DM databases through a web interface. There is a file upload vulnerability in Damon Database Management System, which can be exploited by attackers to obtain server control privileges...
Command Execution Vulnerability in Patrol Cloud Light Forum System (CNVD-2022-01416)
Cruise cloud light forum system contains forums, Q&A module, using JAVA MYSQL architecture. A command execution vulnerability exists in the Patrol Cloud Light Forum system, which can be exploited by an attacker to gain server control privileges...
Unitrends Backup SNMP weak password vulnerability
Unitrends Backup is eliminating data loss, ransomware, and risk. versions prior to Unitrends Backup 10.5.5 have an SNMP weak password vulnerability that stems from the SNMP daemon being configured with a weak silent group name, which can be exploited by an attacker to gain snmp control privileges...
File Upload Vulnerability in Enterprise Mobile Management Platform (Leagsoft emm) of Shenzhen Leagsoft Technology Co.
Enterprise Mobility Management Platform Leagsoft emm is a full lifecycle security management platform for mobile applications, including device management, application management, user management, security policy management and other related functions. A file upload vulnerability exists in Leagso...
Ecoa Bas controller 信任管理问题漏洞
ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to hard-coded credentials, which can be exploited by attackers to directly log in and gain administrator control privileges...
File Upload Vulnerability in NetSign Signature Verification Server of Dongfang Tongweb Middleware of Beijing Xin'an Century Technology Co.
Ltd. provides signature verification server NetSign to provide digital signature services based on digital certificates for various types of electronic information data, electronic documents, etc., and verify the authenticity and validity of signatures on signed data; support user certificate...
File Upload Vulnerability in IPTV Business Management System of Shenzhen Zichen Video Technology Co.
Ltd. is a wholly-owned subsidiary of Beijing Zichen Pegasus Technology Co., Ltd. and is committed to providing a new generation of 4K ultra-high-definition audio-visual edge computing and so on for hotels, hospitals, communities, apartments, schools and enterprises and institutions. There is a fi...
File Upload Vulnerability in Collaborative Office Platform of Microsoft Technology (Hangzhou) Co.
Microsoft Technology Hangzhou Co., Ltd. is a professional ECM Collaboration Management Software and BPM Business Process Management Software R & D and solution provider. A file upload vulnerability exists in the Collaboration Office platform of Microhome Software Technology Hangzhou Co., Ltd, whi...