
16587 matches found

NVD
added 2025/01/31 4:15 p.m., 16 views

CVE-2024-53582

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request...

CVSS 7.5, EPSS 0.03067
Exploits: 5, References: 2

CVE
added 2025/01/31 12:00 a.m., 716 views

CVE-2024-53582

CVE-2024-53582 affects OpenPanel v0.3.4, where the Copy and View functions in the File Manager are vulnerable to directory traversal via crafted HTTP requests. The root cause is a directory traversal flaw in the File Manager’s Copy and View endpoints, enabling an attacker to access filesystem pat...

CVSS 7.5, AI score 6.8, EPSS 0.03067
Exploits: 5, References: 2, Affected Software: 1

Cvelist
added 2025/01/31 12:00 a.m., 15 views

CVE-2024-53582

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request...

EPSS 0.03067
Exploits: 5, References: 2

NVD
added 2025/01/30 7:15 p.m., 5 views

CVE-2025-24501

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request...

CVSS 5.3, EPSS 0.00282
Exploits: 0, References: 1

Cvelist
added 2025/01/30 6:21 p.m., 18 views

CVE-2025-24501

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request...

CVSS 5.3, EPSS 0.00282
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/01/29 7:19 p.m., 47 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open-Source Software (OSS) components

Summary: There are vulnerabilities in multiple Open-Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Workspace by upgrading or removing the vulnerable libraries. Please refer to the table in the Related...

CVSS 9.1, AI score 9, EPSS 0.91969
Exploits: 5, Affected Software: 4

OSV
added 2025/01/27 7:21 a.m., 14 views

BIT-RUBY-MIN-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVSS 7.5, AI score 7.6, EPSS 0.03772
Exploits: 0, References: 9

Tenable Nessus
added 2025/01/27 12:00 a.m., 11 views

Elspec G5 Digital Fault Recorder Inconsistent Interpretation of HTTP Requests (CVE-2024-22081)

An issue was discovered in Elspec G5 digital fault recorder. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 9.8, AI score 5.5, EPSS 0.00785
Exploits: 0, References: 2

NVD
added 2025/01/21 4:15 p.m., 13 views

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in the downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending an HTTP request...

CVSS 8.1, EPSS 0.00542
Exploits: 1, References: 1

Vulnrichment
added 2025/01/21 12:00 a.m., 8 views

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in the downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending an HTTP request...

AI score 8.6, EPSS 0.00542
Exploits: 1, References: 1

CVE
added 2025/01/21 12:00 a.m., 69 views

CVE-2024-57036

CVE-2024-57036 applies to TOTOLINK A810R, specifically version 4.1.2cu.5032_B20200407. The vulnerability is a command insertion flaw in the downloadFile.cgi main function that allows an attacker to execute arbitrary commands by sending a crafted HTTP request. The reported CVSSv3.1 base score is 8...

CVSS 8.1, AI score 7.7, EPSS 0.00542
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2025/01/21 12:00 a.m., 10 views

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in the downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending an HTTP request...

EPSS 0.00542
Exploits: 1, References: 1

Cvelist
added 2025/01/17 8:13 p.m., 11 views

CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVSS 5.2, EPSS 0.00235
Exploits: 0, References: 1

Vulnrichment
added 2025/01/17 2:31 p.m., 13 views

CVE-2025-0528 Tenda AC8/AC10/AC18 HTTP Request telnet command injection

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched...

CVSS 8.6, AI score 7.6, EPSS 0.05813
Exploits: 1, References: 5

Cvelist
added 2025/01/17 2:31 p.m., 29 views

CVE-2025-0528 Tenda AC8/AC10/AC18 HTTP Request telnet command injection

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched...

CVSS 8.6, EPSS 0.05813
Exploits: 1, References: 5

The Hacker News
added 2025/01/17 2:08 p.m., 10 views

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a varie...

CVSS 9.3, AI score 10, EPSS 0.02341
Exploits: 0

CNVD
added 2025/01/17 12:00 a.m., 2 views

WAVLINK AC3000 Information Disclosure Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an information disclosure vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information via a specially crafted HTTP request...

CVSS 5.3, AI score 8.7, EPSS 0.0076
Exploits: 1, References: 1

CNVD
added 2025/01/17 12:00 a.m., 3 views

WAVLINK AC3000 Access Control Error Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause an arbitrary firmware update via a specially crafted HTTP request...

CVSS 10, AI score 9.2, EPSS 0.0137
Exploits: 1, References: 1

CVE
added 2025/01/15 2:59 p.m., 58 views

CVE-2024-47140

Observium CE 24.4.13528 is affected by a reflected XSS in add_alert_check. An authenticated user must click a malicious link; the exploit injects JavaScript via the entity_type parameter. Talos assigns CVSS v3.1 score 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N). Observium and Talos note a vendor pa...

CVSS 8.7, AI score 6.6, EPSS 0.00693
Exploits: 1, References: 2, Affected Software: 1

Redos
added 2025/01/15 12:00 a.m., 7 views

ROS-20250115-03

A vulnerability in the ldap_escape function of the PHP programming language interpreter involves an operation that exceeds buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the dblib and...

CVSS 9.8, AI score 8.4, EPSS 0.02286
Exploits: 4