web-vulnerability-scanner_project
OPENSUSE-SU-2026:20852-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.16 + Fix potential too long value in IMAP ID command 10136 + Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog CVE-2026-48849 bsc1266337 + Security: Fix CSS...
fast-xml-parser Security Vulnerability
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser prior to 5.7.0 contained security vulnerabilities. These...
Insights into Security-Related AI-Generated Pull Requests
Recent years have experienced growing contributions of AI coding agents that assist human developers in various software engineering tasks. However, this growing AI-assisted autonomy raises questions about security and trust. In this paper, we analyze more than 33,000 AI-generated pull requests P...
Multiple vulnerabilities in BUFFALO Wi-Fi routers
Overview: Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component (CWE-1395) - This issue is caused by a vulnerability in minihttpd (CVE-2015-1548). OS command injection (CWE-78) - CVE-2026-27650. Code injection (CWE-94) -...
MCP Atlassian Code Issue Vulnerability
MCP Atlassian is an MCP server developed by Hyeonsoo Lee, which connects AI assistants with project management tools. Versions of MCP Atlassian prior to 0.17.0 contained code vulnerabilities. These vulnerabilities stemmed from defects in the HTTP middleware and dependency injection layer,...
CVE-2026-25947
Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
EUVD-2019-19401
html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...
CVE-2019-25298 html5_snmp 1.11 - 'Router_ID' SQL Injection
html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...
CVE-2019-25298
html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...
Fishing Reservation System SQL Injection Vulnerability
The Fishing Reservation System is a fishing reservation system developed by Fishing Reservation Company. Version 7.5 of the Fishing Reservation System has a SQL injection vulnerability. This vulnerability stems from multiple remote SQL injection vulnerabilities present in the admin.php, cart.php,...
CVE-2021-47909
CVE-2021-47909 concerns Mult-E-Cart Ultimate 2.4, with multiple SQL injection flaws in the inventory, customer, vendor, and order modules. The underlying issue is injectable SQL via the vulnerable id parameter, which remote attackers with vendor/admin privileges could exploit to run arbitrary SQL...
EUVD-2013-3200
Malware in sbrugna...
EUVD-2006-4457
Malware in sbrugna...
EUVD-2012-4190
Malware in sbrugna...
EUVD-2014-3698
Malware in sbrugna...
EUVD-2006-4464
Malware in sbrugna...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability; CVE-2025-20337 Cisco Identity Services Engine Injection...
Vulnerabilities fixed in ABB ASPECT product line
ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...
CVE-2011-5312
Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx...