
3428 matches found

Cvelist
added 2025/12/24 7:27 p.m. | 27 views

CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

8.8 CVSS | 0.02325 EPSS
Exploits 2 | References 3
CVE
added 2025/12/24 7:27 p.m. | 14 views

CVE-2019-25243

FaceSentry 6.4.8 has an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php. The root cause is unsanitized inputs in strInIP/strInPort, enabling arbitrary shell commands with root privileges. Affected product: FaceSentry 6.4.8. Impact is described as high. Rem...

8.8 CVSS | 7.8 AI score | 0.02325 EPSS
Exploits 2 | References 3 | Affected Software 1
Positive Technologies
added 2025/12/24 12:0 a.m. | 4 views

PT-2025-53329

Name of the Vulnerable Software and Affected Versions: FaceSentry version 6.4.8. Description: FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...

8.8 CVSS | 8.2 AI score | 0.02325 EPSS
Exploits 2 | References 5
Positive Technologies
added 2025/12/24 12:0 a.m. | 4 views

PT-2025-53364

Name of the Vulnerable Software and Affected Versions: Microhard Systems IPn4G version 1.1.0. Description: The software contains an authentication bypass that allows authorized attackers to read, modify, or delete arbitrary files. The issue resides in the hidden system-editor.sh script. Attackers ca...

9.8 CVSS | 5.4 AI score | 0.0042 EPSS
Exploits 2 | References 5
CNNVD
added 2025/12/23 12:0 a.m. | 3 views

CSZ CMS cross-site scripting vulnerability

CSZ CMS is an open source web application by the individual developer Cskaza Bassist that allows managing all content and settings on a website. A cross-site scripting vulnerability exists in CSZ CMS version 1.2.7, which stems from insufficient validation of message header inputs and could lead t...

5.4 CVSS | 6.2 AI score | 0.00244 EPSS
Exploits 1 | References 5
CNNVD
added 2025/12/23 12:0 a.m. | 4 views

CMSimple cross-site scripting vulnerability

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...

6.1 CVSS | 6.2 AI score | 0.00235 EPSS
Exploits 1 | References 4
RedHat Linux
added 2025/12/22 4:49 p.m. | 2 views

rexml: REXML denial of service

A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excess CPU usage, and given sufficiently large input this can affect program performance...

5.3 CVSS | 5.7 AI score | 0.00231 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/12/22 11:31 a.m. | 1 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...

6.5 CVSS | 5.7 AI score | 0.00489 EPSS
Exploits 1 | References 8
SUSE CVE
added 2025/12/21 12:23 a.m. | 8 views

SUSE CVE-2025-68284

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key(). The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

7.3 CVSS | 6.6 AI score | 0.00173 EPSS
Exploits 0 | References 104
CNNVD
added 2025/12/19 12:0 a.m. | 2 views

Foxit PDF Editor security vulnerability

Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Editor that stems from improperly sanitized inputs in the page template feature, which could lead to stored cross-site scripting...

6.3 CVSS | 6.1 AI score | 0.00147 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/18 9:31 p.m. | 3 views

EUVD-2025-204351

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

5.4 CVSS | 6 AI score | 0.00203 EPSS
Exploits 1 | References 5
NVD
added 2025/12/18 8:15 p.m. | 4 views

CVE-2023-53938

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

5.4 CVSS | 0.00203 EPSS
Exploits 1 | References 3
OSV
added 2025/12/18 8:15 p.m. | 3 views

CVE-2023-53938

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

5.1 CVSS | 6.4 AI score
Exploits 0 | References 3
CVE
added 2025/12/18 7:53 p.m. | 6 views

CVE-2022-50681

This CVE affects Kentico Xperience’s Rich Text Editor component. The vulnerability is a reflected Cross‑Site Scripting (XSS) flaw that allows attackers to inject malicious scripts through administrative input fields in the Rich Text Editor. Public descriptions consistently identify the SetValue()...

6.1 CVSS | 6.2 AI score | 0.00183 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2025/12/18 7:53 p.m. | 23 views

CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1 CVSS | 0.00183 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/12/18 12:0 a.m. | 3 views

PT-2025-52317

Name of the Vulnerable Software and Affected Versions: RockMongo version 1.1.7. Description: RockMongo 1.1.7 contains a stored cross-site scripting issue that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit this by submitting crafted...

5.4 CVSS | 6 AI score | 0.00203 EPSS
Exploits 1 | References 7
Cvelist
added 2025/12/17 10:10 p.m. | 19 views

CVE-2025-68144 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

6.3 CVSS | 0.0728 EPSS
Exploits 0 | References 1
Veracode
added 2025/12/17 6:49 a.m. | 4 views

Improper Input Validation

sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...

9.1 CVSS | 6.5 AI score | 0.00651 EPSS
Exploits 2 | References 4 | Affected Software 1
Veracode
added 2025/12/17 5:11 a.m. | 4 views

Improper Input Validation

cipher-base is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to alter processing behavior...

9.1 CVSS | 5.5 AI score | 0.0047 EPSS
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2025/12/17 12:0 a.m. | 4 views

Model Context Protocol Servers parameter injection vulnerability

Model Context Protocol Servers is an open source Model Context Protocol server for large models from the Model Context Protocol project. A parameter injection vulnerability exists in versions of Model Context Protocol Servers prior to 2025.12.17, which stems from the git_diff and git_checkout functions passing...

7.1 CVSS | 7.2 AI score | 0.0728 EPSS
Exploits 0 | References 2