CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

EUVD-2017-17002

Malware in sbrugna...

EUVD-2019-2978

Malware in sbrugna...

EUVD-2020-18693

Malware in sbrugna...

EUVD-2017-17003

Malware in sbrugna...

EUVD-2024-33573

Malicious code in bioql PyPI...

EUVD-2025-6871

Malicious code in bioql PyPI...

EUVD-2021-9273

Malicious code in bioql PyPI...

CVE-2021-22115

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...

CVE-2024-9309

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

CVE-2024-9309

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

CVE-2024-9309

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

CVE-2024-9309

CVE-2024-9309 is a Server-Side Request Forgery (SSRF) affecting the Controller API Server of haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability exists in the POST /worker_generate_stream endpoint and could allow an attacker to leverage the server’s credentials to perform unauthorized web act...

CVE-2024-10044

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...

CVE-2024-10044

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...

CVE-2024-10044 SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...

NVIDIA BMC 操作系统命令注入漏洞

NVIDIA BMC is an OpenBMC open software framework from NVIDIA. NVIDIA BMC has a security vulnerability that stems from its SPX REST API that allows an authorized attacker to inject arbitrary shell commands resulting in code execution, denial of service, information disclosure, and data tampering...

CVE-2021-33220

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist...

CVE-2021-22115

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...