718 matches found
CVE-2025-65397
An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...
PT-2026-2920
Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions prior to 24.1114.151.929 Description An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...
EUVD-2026-1864
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler...
CVE-2026-22777
CVE-2026-22777 concerns ComfyUI-Manager, an extension for ComfyUI. A CRLF injection vulnerability exists in the configuration handling where an attacker can inject special characters into HTTP query parameters to add arbitrary values to the config.ini, potentially tampering with security settings...
CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...
CVE-2020-7617
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...
CVE-2023-53944
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...
EUVD-2025-202846
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled valuelen...
📄 Casdoor 2.95.0 Directory Traversal
Casdoor version 2.95.0 directory traversal proof of concept exploit. ============================================================================================================================================= | Title : Casdoor 2.95.0 Directory Traversal | | Author : indoushka | | Tested on :...
CVE-2022-4983
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling INI-file based that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...
Malicious code in planetology-deneb-betelgeuse-ini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d9e76fd68dea4a218da7554c4a828cd8f512e9399f2f98a6ba89184f1e1ac45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177661
Malicious code in neptune-ini-apex-ophiuchus npm...
EUVD-2025-179174
Malicious code in elektra-jekyll-ini-async npm...
EUVD-2025-179897
Malicious code in callisto-cors-ini-puppeteer npm...
EUVD-2025-178409
Malicious code in ini-quito-stratosphere-slides npm...
EUVD-2025-176707
Malicious code in release-it-perseus-ini-node-config npm...
Malicious code in neptune-ini-apex-ophiuchus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37b63ab4631ab55ea26f71c7b50ce32dc848123780edb2d0f6b35e671c557b81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178163
Malicious code in lacerta-chalk-ini-neptune npm...
EUVD-2025-178553
Malicious code in helmet-sirius-ini-mocha npm...
EUVD-2025-180128
Malicious code in baryon-ini-biomimicry-entanglement npm...