Lucene search

68 matches found

CNNVD
added 2026/05/07 12:0 a.m. | 4 views

fast-xml-parser Security Vulnerability

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser prior to 5.7.0 contained security vulnerabilities. These...

6.1 CVSS | 6.2 AI score | 0.00012 EPSS
Exploits: 1 | References: 1

Packet Storm News
added 2026/04/21 12:0 a.m. | 4 views

Insights into Security-Related AI-Generated Pull Requests

Recent years have experienced growing contributions of AI coding agents that assist human developers in various software engineering tasks. However, this growing AI-assisted autonomy raises questions about security and trust. In this paper, we analyze more than 33,000 AI-generated pull requests P...

5.8 AI score
Exploits: 0

Japan Vulnerability Notes
added 2026/03/27 8:18 a.m. | 19 views

Multiple vulnerabilities in BUFFALO Wi-Fi routers

Overview Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component CWE-1395 - This issue is caused by a vulnerability in minihttpd CVE-2015-1548. OS command injection CWE-78 - CVE-2026-27650 Code injection CWE-94 -...

9.8 CVSS | 7.3 AI score | 0.00318 EPSS
Exploits: 1 | References: 10

ATTACKERKB
added 2026/02/10 5:32 p.m. | 2 views

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

8.8 CVSS | 5.7 AI score | 0.00043 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/06 4:41 p.m. | 3 views

CVE-2019-25298 html5_snmp 1.11 - 'Router_ID' SQL Injection

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

7.1 CVSS | 5.7 AI score | 0.00057 EPSS
Exploits: 1 | References: 3

EUVD
added 2026/02/06 4:41 p.m. | 3 views

EUVD-2019-19401

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

7.1 CVSS | 5.7 AI score | 0.00057 EPSS
Exploits: 1 | References: 3

CVE
added 2026/02/01 12:15 p.m. | 7 views

CVE-2021-47909

CVE-2021-47909 concerns Mult-E-Cart Ultimate 2.4, with multiple SQL injection flaws in the inventory, customer, vendor, and order modules. The underlying issue is injectable SQL via the vulnerable id parameter, which remote attackers with vendor/admin privileges could exploit to run arbitrary SQL...

8.6 CVSS | 6.1 AI score | 0.00063 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-4190

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.07142 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2013-3200

Malware in sbrugna...

4.3 CVSS | 6.3 AI score | 0.00271 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2006-4464

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.00045 EPSS
Exploits: 0 | References: 6

NCSC
added 2025/05/23 8:40 a.m. | 3 views

Vulnerabilities fixed in ABB ASPECT product line

ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...

9.5 CVSS | 8.1 AI score | 0.01658 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:55 a.m. | 4 views

CVE-2011-5312

Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx...

4.3 CVSS | 6 AI score | 0.00225 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 8:17 p.m. | 11 views

CVE-2009-2907

Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers t...

4.3 CVSS | 6 AI score | 0.00242 EPSS
Exploits: 2 | References: 1

Qualys Blog
added 2024/06/27 9:5 p.m. | 12 views

Decoding OWASP – A Security Engineer’s Roadmap to Application Security

In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...

8.4 AI score
Exploits: 0

CNNVD
added 2024/03/04 12:0 a.m. | 2 views

Arista Networks Edge Threat Management Security Vulnerability

Arista Networks Edge Threat Management is a network security solution from Arista Networks, Inc. Arista Networks Edge Threat Management has a security vulnerability that stems from the presence of multiple SQL injection vulnerabilities. An attacker could exploit the vulnerability to elevate...

8.8 CVSS | 8.3 AI score | 0.00204 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2023/10/10 5:16 p.m. | 162 views

Vulnerability-scanner-2023

Vulnerability-scanner-2023 Please support us to continue ht...

8.3 AI score
Exploits: 0

OSV
added 2022/10/25 5:15 p.m. | 2 views

CVE-2022-35878

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...

8.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

OSV
added 2022/07/22 3:15 p.m. | 0 views

CVE-2022-2136

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information...

6.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1

0day.today
added 2021/05/19 12:0 a.m. | 33 views

COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass) Vulnerability

Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Auth Bypass Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 SQL Injection:...

0.5 AI score
Exploits: 0

Akamai Blog
added 2020/09/09 1:0 p.m. | 2842 views

Web Application and API Protection -- From SQL Injection to Magecart

SQL injections were first discovered in 1998, and over 20 years later, they remain an unsolved challenge and an ongoing threat for every web application and API. The Open Web Application Security Project (OWASP) highlighted injection flaws in its Top 10 lists for both web application security risks...

9.3 CVSS | 0.2 AI score | 0.94431 EPSS
Exploits: 41