224 matches found
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...
CVE-2026-57269
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57269
GeoWebPlayer (Web Plugin/WS Player) in GeoVision software exposes a websocket server where an unvalidated index can access multiple arrays out-of-bounds, leading to an out-of-bounds read. This affects the Websocket interface used by GV-VMS and GV-Cloud; CVSS 3.1 base score 8.3 (HIGH) with potenti...
CVE-2026-54021
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access...
CVE-2026-54021 Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access...
PT-2026-50956
Name of the Vulnerable Software and Affected Versions Joomla! Component PHP-Bridge version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with the parameters option=com phpbridge and...
Incorrect Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization through the getollamaurl process. An attacker can gain unauthorized access to restricted backend resources by supplying a crafted urlidx path parameter to route requests to internal or...
GHSA-9RPJ-V7HF-VV2W Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter
Summary Several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access control on these routes validates only whether the user may use the requested model, never which backend the...
Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter
Summary Several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access control on these routes validates only whether the user may use the requested model, never which backend the...
TOTOLINK A8000RU 命令注入漏洞
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setDmzCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which processes...
Tenda i12 安全漏洞
The Tenda i12 is a ceiling-mounted wireless access point produced by the Chinese company Tenda. Version 1.0.0.113862 of the Tenda i12 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters index and wlradio, which may lead to a stack buffer overflow atta...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
CVE-2026-3976
A weakness has been identified in Tenda W3 1.0.0.32204. Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch t...
CVE-2026-3971
A vulnerability has been found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has bee...
PT-2026-28668
Name of the Vulnerable Software and Affected Versions Tenda AC5 version 15.03.06.47 Description A stack-based buffer overflow exists in the POST Request Handler component of Tenda AC5 version 15.03.06.47. The issue is located in the formWifiWpsOOB function within the /goform/WifiWpsOOB file...
CVE-2019-25632
CVE-2019-25632 affects phpFileManager 1.7.8. The vulnerability is a local file inclusion that lets unauthenticated attackers read arbitrary server files by manipulating the action, fm_current_dir, and filename parameters in index.php. Attackers can send crafted GET requests to index.php to access...
CVE-2026-4632 itsourcecode Online Enrollment System Parameter index.php sql injection
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed fr...
CVE-2026-32850 MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex paramete...
EUVD-2019-19895
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
PT-2026-26921
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...