35 matches found
CVE-2026-4558
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...
EUVD-2025-24096
Malicious code in bioql PyPI...
EUVD-2025-16254
Malicious code in bioql PyPI...
EUVD-2024-31742
Malicious code in bioql PyPI...
EUVD-2025-12563
Malicious code in bioql PyPI...
EUVD-2025-1862
Malicious code in bioql PyPI...
CVE-2025-9481 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 stack-based overflow
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrdPrefix leads to stack-based buffer...
CVE-2025-9236 Portabilis i-Educar Tipos de usuàrio educar_tipo_usuario_lst.php sql injection
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartipousuariolst.php of the component Tipos de usuàrio Page. Such manipulation of the argument nmtipo/descrição leads to sql injection. The attack may be performed from a...
CVE-2025-8824 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setRIP stack-based overflow
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched...
CVE-2025-8819
The CVE-2025-8819 issue affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 series (firmware up to 20250801). The vulnerability lies in the /goform/setWan file, specifically the setWan function, where crafting an input for the staticIp argument triggers a stack-based buffer overflow. This e...
CVE-2025-8796
A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/deleteproject/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack...
CVE-2025-8796
LitmusChaos up to 3.19.0 is affected by a vulnerability in the Delete Request Handler, specifically the /auth/delete_project/ path. Manipulating the projectID parameter leads to missing authorization, enabling a remote attack. Exploitation details have been publicly disclosed, and vendor contact ...
CVE-2025-8785
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educarusuariolst.php. The manipulation of the argument nmpessoa/matricula/matriculainterna leads to cross site scripting. The...
CVE-2025-8755
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
CVE-2025-8750
A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to cross site scripting. The attack can be...
CVE-2024-13199
A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotel...
CVE-2025-3982
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/objectnodes/getsetpropmk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of...
CVE-2025-3613 Demtec Graphytics visualization cross site scripting
A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2024-11487 Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection
A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...
CVE-2024-10596 ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched...