EUVD-2018-21625

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

Docebo LMS 跨站请求伪造漏洞

Docebo LMS is an learning management system provided by the Canadian company Docebo. Version 1.2 of Docebo LMS has a cross-site request forgeing vulnerability. This vulnerability stems from SQL injections in the id, idC, and idU parameters found in the lesson.php file, which may allow for the...

EUVD-2025-138069

Malicious code in flights-ilutg-idu npm...

Malicious code in saku-aku-idu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c86ff399abee510d89be4811197ec79825a0802990e968f1f69d74da507f78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2021-31439

Malicious code in bioql PyPI...

EUVD-2023-40613

Malicious code in bioql PyPI...

EUVD-2022-32823

Malicious code in bioql PyPI...

EUVD-2023-40612

Malicious code in bioql PyPI...

Malicious code in @zalastax/nolb-idu (npm)

The package @zalastax/nolb-idu was found to contain malicious code...

MAL-2025-11968 Malicious code in @zalastax/nolb-idu (npm)

The package @zalastax/nolb-idu was found to contain malicious code...

CVE-2023-36670

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

CVE-2023-36670

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

CVE-2023-36670

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

CVE-2023-36670

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

Command injection

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

CVE-2023-36669

Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit IDU before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit TPU within the IDU by sending crafte...

CVE-2023-36670

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

CVE-2023-36670

CVE-2023-36670 affects Kratos NGC-IDU 9.1.0.4. The connected documents describe a remote command-injection vulnerability that allows an attacker to execute arbitrary Linux commands as root by sending crafted TCP requests to the device. The root cause and exact vulnerable component are tied to the...

CVE-2023-36670

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

CVE-2023-36669

CVE-2023-36669 (Kratos NGC IDU) affects Kratos NGC Indoor Unit prior to 11.4, where missing authentication for a critical function allows remote attackers with layer-3 network access to impersonate the Touch Panel Unit (TPU) by sending crafted TCP requests, granting arbitrary control of the IDU/O...