43 matches found

Positive Technologies
added 2025/01/14 12:0 a.m. · 6 views

PT-2025-2445 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505
Description: A buffer overflow issue exists in the set info functionality of usbip.cgi. This can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. An attacker...

CVSS 9.1 · AI score 7.5 · EPSS 0.01265
Exploits 1 · References 4

Microsoft CVE
added 2024/12/12 12:0 a.m. · 2 views

CVE-2024-50257

...

CVSS 7.8 · AI score 7.3 · EPSS 0.00257
Exploits 0

BDU FSTEC
added 2024/11/26 12:0 a.m. · 3 views

The vulnerability of the hns3 component in the Linux operating system’s kernel, which allows a hacker to cause a service failure

The vulnerability of the hns3 component in the Linux operating system’s kernel is related to errors in reading beyond the boundary in the hns3getcoalinfo function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.2 · EPSS 0.00248
Exploits 0 · References 15 · Affected Software 3

CNNVD
added 2024/11/09 12:0 a.m. · 3 views

WordPress plugin Debug Tool security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 · AI score 8.1 · EPSS 0.00277
Exploits 0 · References 2

CVE
added 2024/07/03 12:0 a.m. · 59 views

CVE-2024-37726

CVE-2024-37726 overview (MSI Center): A local privilege-escalation in MSI Center

CVSS 6.8 · AI score 6.8 · EPSS 0.0086
Exploits 1 · References 1

NVD
added 2024/04/03 10:15 p.m. · 4 views

CVE-2024-29413

Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...

CVSS 5.4 · AI score 6.6 · EPSS 0.00396
Exploits 0 · References 1

Vulnrichment
added 2024/04/03 12:0 a.m. · 8 views

CVE-2024-29413

Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...

AI score 7 · EPSS 0.00396
Exploits 0 · References 1

CNNVD
added 2024/04/03 12:0 a.m. · 2 views

Webasyst cross-site scripting vulnerability

Webasyst is an open source PHP framework from Webasyst Inc. A cross-site scripting vulnerability exists in Webasyst version v.2.9.9 that could allow a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...

CVSS 5.4 · AI score 6.7 · EPSS 0.00396
Exploits 0 · References 2

Cvelist
added 2024/04/03 12:0 a.m. · 17 views

CVE-2024-29413

Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...

AI score 6.8 · EPSS 0.00396
Exploits 0 · References 1

ATTACKERKB
added 2023/12/26 6:15 p.m. · 1 view

CVE-2023-51100

Tenda W9 V1.0.0.74456CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo...

CVSS 9.8 · AI score 5.8 · EPSS 0.01842
Exploits 1 · References 2

OSV
added 2023/12/26 6:15 p.m. · 2 views

CVE-2023-51098

Tenda W9 V1.0.0.74456CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo...

CVSS 9.8 · AI score 5.8 · EPSS 0.01842
Exploits 1 · References 1

CNNVD
added 2023/06/14 12:0 a.m. · 5 views

fdkaac buffer error vulnerability

fdkaac is a command-line front-end for the libfdk-aac encoder by the Japanese individual developer nu774. A security vulnerability exists in versions of fdkaac prior to 1.0.5, which stems from the discovery of a heap buffer overflow vulnerability via the cafinfo function in cafreader.c. The...

CVSS 5.5 · AI score 5.9 · EPSS 0.00293
Exploits 1 · References 2

Positive Technologies
added 2023/01/16 12:0 a.m. · 2 views

PT-2023-12417 · Unknown · Nethserver

Name of the Vulnerable Software and Affected Versions: NethServer phonenehome affected versions not specified
Description: A critical issue affects the function get info/get country coor of the file server/index.php, leading to SQL injection.
Recommendations: Apply a patch to fix this issue. As a...

CVSS 9.8 · AI score 6.2 · EPSS 0.00667
Exploits 0 · References 8

Positive Technologies
added 2022/11/14 12:0 a.m. · 2 views

PT-2022-35821 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296
Description: A potential memory leak issue was identified in the xhci alloc stream info function. The actual impact and attack plausibility have not yet been proven.
Recommendations: For Linux Kernel...

AI score 7.2
Exploits 0 · References 1

OSV
added 2022/08/25 2:15 p.m. · 1 view

CVE-2022-36469

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById...

CVSS 7.8 · AI score 5.8 · EPSS 0.00349
Exploits 1 · References 1

OSV
added 2021/09/30 11:3 a.m. · 4 views

OESA-2021-1364 wpa_supplicant security update

wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key...

CVSS 7.9 · AI score 7.7 · EPSS 0.04707
Exploits 1 · References 2

BDU FSTEC
added 2021/06/29 12:0 a.m. · 5 views

The vulnerability of the get_topic_info() function (sys/CODOF/Forum/Topic.php) in the Codoforum forum creation software allows a violator to execute arbitrary code.

The vulnerability of the get_topic_info() function (sys/CODOF/Forum/Topic.php) in the Codoforum forum creation software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system remotely...

CVSS 10 · AI score 8.3 · EPSS 0.04915
Exploits 1 · References 7 · Affected Software 1

Positive Technologies
added 2020/05/30 12:0 a.m. · 5 views

PT-2022-8868 · Radare2 +1 · Radare2 +1

Name of the Vulnerable Software and Affected Versions: radare2 affected versions not specified
Description: A double free issue was discovered in the cmd info function, located in cmd info.c. This issue could potentially allow modification of unexpected memory locations, leading to a crash...

CVSS 9.1 · AI score 7.3 · EPSS 0.01165
Exploits 3 · References 15

CNVD
added 2018/11/27 12:0 a.m. · 1 view

ShopsN single merchant b2c mall system v2.3.6 suffers from SQL injection vulnerability (CNVD-2018-25892)

ShopsN single merchant b2c mall system is an open source online store system developed using PHP + MySQL. In ShopsN single merchant b2c mall system v2.3.6, the userinfo function in the Us.class.php file has a SQL injection vulnerability; an attacker can use the vulnerability to obtain the administrator...

AI score 8.2
Exploits 0

OSV
added 2018/11/02 5:29 p.m. · 2 views

CVE-2018-3898

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The transinfo call can overwrite a buffer of size 0x104, which is more than enough to...

CVSS 7.5 · AI score 6.4 · EPSS 0.01932
Exploits 1 · References 1