24 matches found
CVE-2025-63951
An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 2025-10-07. The 'rss' GET parameter receives data that is passed directly to the unserialize function without validation. Thi...
CVE-2025-63951
The CVE-2025-63951 vulnerability affects the MiczFlor RPi-Jukebox-RFID project, specifically the rss-mp3.php script. The rss GET parameter is passed directly to PHP’s unserialize() without validation, enabling a remote, unauthenticated attacker to inject arbitrary PHP objects, which can cause err...
EUVD-2006-1031
Malware in sbrugna...
CVE-2023-45111
Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-29412 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue is related to multiple Unauthenticated SQL Injection vulnerabilities. The name parameter of the "feed.php" resource does not validate the characters received, and they are sent...
PT-2023-29411 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the feedback parameter of the "feed.php" resource does not validate the characters received, sending...
CVE-2023-45202
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
PT-2023-29455 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Open Redirect vulnerabilities. Specifically, the q parameter of the "feed.php" resource is vulnerable, allowing an attacker to redirect a victim user to an arbitra...
CVE-2022-40719
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpdgeneric.lua plugin for the xupnpd service, which...
Fidelis Network Deception Command Injection Vulnerability
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A command injection vulnerability exists in...
CVE-2022-28117
A Server-Side Request Forgery (SSRF) in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
PT-2022-18822 · Unknown · Navigate Cms
Name of the Vulnerable Software and Affected Versions: Navigate CMS version 2.9.4 Description: A Server-Side Request Forgery (SSRF) in the feed parser class allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2021-25068
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feedid' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard...
Cross site scripting
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...
CVE-2006-1957
The comrss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter...
Design/Logic Flaw
The comrss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter...
Design/Logic Flaw
The comrss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message...
CVE-2006-1956
The comrss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message...