15122 matches found
CVE-2024-57395
Safety production process management system v1.0 is affected by CVE-2024-57395, where password and account number parameters enable a remote attacker to escalate privileges, execute arbitrary code, and obtain sensitive information. The available connected sources describe the issue and its impact...
CVE-2024-57395
Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters...
Malicious code in digitalexp-components (npm)
Source: ghsa-malware 9833903519bade9052cdd1225ca96239d62fbff6d2cfc10be31dc013063ee830. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-24364
CVE-2025-24364 affects vaultwarden (an unofficial Bitwarden server written in Rust). The vulnerability requires authenticated access to the vaultwarden admin panel and allows arbitrary code execution by manipulating mail settings to trigger shell commands, with a specially crafted favicon used to embed comma...
CVE-2024-39750 IBM Analytics Content Hub buffer overflow
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash...
CVE-2024-12600
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frswooproducttabs' parameter. This makes it possible for authenticated attackers, with Shop...
CVE-2024-13408
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attacker...
CVE-2024-13409
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...
CVE-2024-13593 BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...
Tenda AC18 formSetDeviceName function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the devName parameter of the formSetDeviceName function failing to properly validate the length of the input data, which can be exploited by an attacker to...
Malicious code in mathworks.github.io (npm)
Source: ghsa-malware 32e52ada951c82ef138dcd96976a00cb9d2e1c15f171f1b3c4768a030075bba3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in marked-as (npm)
This package is imitating the popular marked library. It contains a VBScript to extract a bundled PE payload, make it hidden, and execute it. Source: ghsa-malware 16c9c50d2f56b3edc3a26ddebf2c1da3ef628b3aa1c8da23bc2e5b0b2b157dea. Any compute...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which arises from the program incorrectly retaining setup privileges, and can be exploited by an attacker to elevate privileges without requiring addition...
WAVLINK AC3000 adm.cgi set_sys_adm function buffer overflow vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the adm.cgi set_sys_adm function failing to correctly validate the length of the input data, and can be exploited by a remote attacker t...
CVE-2024-57774
A cross-site scripting XSS vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57772
A cross-site scripting XSS vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input validation in the "create new backup" function, allowing a remote attacker to execute arbitrary code via the endpoint /admin/module/view?type=adminbackup...
CVE-2025-0457
The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands...
CVE-2025-0457 NetVision Information airPASS - OS Command Injection
The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands...