32 matches found
CVE-2026-1552
CVE-2026-1552 affects SEMCMS 5.0, with vulnerability in unknown code of the file /SEMCMS_Info.php. The issue arises from manipulating the argument searchml, leading to a SQL injection that can be leveraged remotely. Public exploit information has been disclosed, and the vendor was contacted but d...
CVE-2025-15114 Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability
Ksenia Security lares legacy model Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system...
MAL-2025-108230 Malicious code in rubber_hummingbird-silentdev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b020eb8d0af2775ea48b8de006f268535de12d86a8a3a55c5744e908050f33d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nina-keripik56-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2b96ab87e4d68128060fa8c232964715f451f9e71b9c3c201e76132b08249b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2005-2456
Malware in sbrugna...
EUVD-2024-18111
Malicious code in bioql PyPI...
CVE-2025-10332 cdevroe unmark info.php cross site scripting
A vulnerability was found in cdevroe unmark up to 1.9.3. Impacted is an unknown function of the file application/views/marks/info.php. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public...
CVE-2025-9592 itsourcecode Apartment Management System bill_info.php sql injection
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/billinfo.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public...
CVE-2025-9509
CVE-2025-9509 affects itsourcecode Apartment Management System 1.0. The flaw is a SQL injection in the /report/fair_info_all.php file, triggered by manipulating the fid parameter. Based on connected sources, the issue can be exploited remotely and an exploit has been publicly released. Impact is ...
CVE-2025-9507 itsourcecode Apartment Management System visitor_info.php sql injection
A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitorinfo.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to th...
CVE-2020-36848
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to...
CVE-2011-3789
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/incscript/frontendrender/disabled/majonavi.php and certain other files...
CVE-2006-6680
Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file...
Macro-Video V380 安全漏洞
Macro-Video V380 is an IP camera from Macro-Video. A security vulnerability exists in Macro-Video V380 version 1020302, which originates in the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/userinfo.ini components could lead to the execution of arbitrary code...
CVE-2023-46988
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...
CVE-2025-22275
CVE-2025-22275 affects iTerm2 3.5.6–3.5.10; a vulnerability allows remote attackers to obtain sensitive information from terminal commands by reading /tmp/framer.txt during remote logins with certain it2ssh/SSH Integration configurations (noted when hosts share a Python installation). Root cause ...
Linksys WRT54GL Security Breach
The Linksys WRT54GL is a wireless router from Linksys, USA. A security vulnerability exists in Linksys WRT54GL version 4.30.18, which originates from an information disclosure vulnerability in the file /SysInfo1.htm...
Hospital Management System SQL注入漏洞
Hospital Management Center is a web system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. hospital Management Center is vulnerable to a SQL injection vulnerability that originates in an unknown function in the file patient-info.php Lack ...
Online Traffic Offense Management System 1.0 - Multiple Remote Code Execution Vulnerability
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...
Enphase Envoy 信任管理问题漏洞
The Enphase Energy Envoy is a gateway device for connecting smart home devices from Enphase Energy USA. The Enphase Energy Envoy has a trust management issue vulnerability that stems from the installer and Enphase accounts having hard-coded web panel login passwords, which are hard-coded values...