2836 matches found
SUSE CVE-2026-25242
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
CVE-2019-25489
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
EUVD-2019-19715
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489 Homey BNB V4 SQL Injection via ajax_refresh_subtotal
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489 Homey BNB V4 SQL Injection via ajax_refresh_subtotal
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2019-25489
CVE-2019-25489 — Normal mode Impacting: Homey BNB V4. The vulnerability is a SQL injection in the hosting_id parameter used by the rooms/ajax_refresh_subtotal endpoint. It allows unauthenticated attackers to manipulate database queries, potentially exfiltrating sensitive data and causing a denial...
Doditsolutions Homey BNB SQL注入漏洞
Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the hostingid parameter, which allows for SQL injections. It may allow unverified attackers to...
PT-2026-22357
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting id parameter. Attackers can send GET requests to the rooms/ajax refresh subtotal endpoint with malicious hosting id values to extract...
CVE-2026-27194
D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...
Ghost SQL注入漏洞
Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...
GHSA-C87C-78RC-VMV2 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint
Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.20.0. Workarounds There are no workarounds for versions 3.20.0...
CVE-2026-25242
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
CVE-2026-25242 Gogs allows unauthenticated file uploads
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
CVE-2026-25242 Gogs allows unauthenticated file uploads
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
PT-2026-21349
Name of the Vulnerable Software and Affected Versions D-Tale versions prior to 3.20.0 Description D-Tale, a visualizer for pandas data structures, has an issue allowing for Remote Code Execution. This is due to a flaw in the /save-column-filter API endpoint. Publicly hosted instances of D-Tale ar...
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...
PT-2026-20323
Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Gogs versions prior to 0.14.1 Description Gogs, a self-hosted Git service, has an issue where unauthenticated file upload is possible by default. When the RequireSigninView setting is disabled which is the defaul...
Soliton Systems Kk FileZen 安全漏洞
Soliton Systems Kk FileZen is a file hosting device developed by the Japanese company Soliton Systems Kk. This device offers functions such as file storage, file transfer, and upload/download capabilities. There is a security vulnerability present in Soliton Systems Kk FileZen; this vulnerability...
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile EPMM can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitati...