Panabit PAP-XM320 operating system command injection vulnerability
Panabit PAP-XM320 is an enterprise-grade Internet access behavior management and traffic control gateway developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to V7.7 contain an operating system command injection vulnerability. This vulnerability arises from the W...
CVE-2025-12497 Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path]
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...
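The entry above describes the usual shape of a template-path LFI: a request parameter is joined onto a template directory and then included. The following is an added Python illustration of that class of bug and its fix; it is not the plugin's code, it reads the file instead of executing it, and the directory layout, file names and `wp-config.php` stand-in are constructed for the example.

```python
import os
import tempfile


def load_template_vulnerable(template_dir: str, extra_template_path: str) -> str:
    """Vulnerable: the caller-supplied path is joined onto template_dir and opened
    without any check. Two things go wrong: '..' segments walk out of the
    directory, and os.path.join discards template_dir entirely when the second
    argument is absolute."""
    path = os.path.join(template_dir, extra_template_path)
    with open(path, "r", encoding="utf-8") as fh:
        return fh.read()


def load_template_hardened(template_dir: str, extra_template_path: str) -> str:
    """Hardened: resolve the final path (symlinks included) and require it to
    stay under template_dir and to carry the expected template extension."""
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, extra_template_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("template path escapes the template directory")
    if not candidate.endswith(".html"):
        raise ValueError("unexpected template type")
    with open(candidate, "r", encoding="utf-8") as fh:
        return fh.read()


def demo() -> dict:
    """Build a throwaway layout (constructed for this example) and exercise both
    loaders with a legitimate name, a '..' traversal and an absolute path."""
    root = tempfile.mkdtemp()
    tpl = os.path.join(root, "templates")
    os.makedirs(tpl)
    with open(os.path.join(tpl, "portfolio.html"), "w", encoding="utf-8") as fh:
        fh.write("<h1>portfolio</h1>")
    # Stands in for a sensitive file one level above the template directory.
    secret = os.path.join(root, "wp-config.php")
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write("<?php define('DB_PASSWORD', 'hunter2');")

    results = {}
    results["legit"] = load_template_vulnerable(tpl, "portfolio.html")
    results["traversal"] = load_template_vulnerable(tpl, "../wp-config.php")
    results["absolute"] = load_template_vulnerable(tpl, secret)
    for label, arg in (("hardened_traversal", "../wp-config.php"),
                       ("hardened_absolute", secret)):
        try:
            load_template_hardened(tpl, arg)
            results[label] = "allowed"
        except ValueError:
            results[label] = "blocked"
    results["hardened_legit"] = load_template_hardened(tpl, "portfolio.html")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The extension check matters on its own: with the real PHP `include`, any readable file is parsed as code, so confining the path to the directory is not enough if attackers can write files there (uploads, logs), and an allow-list of template names is stronger still.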
WordPress plugin is-human security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2025-9654
Malicious code in bioql PyPI...
Jasmin The Ransomware SQL injection vulnerability
Jasmin The Ransomware is a ransomware simulation tool used by red teams for security testing, written by the individual developer Siddhant Gour. Jasmin The Ransomware 1.0.1 and earlier versions contain a SQL injection vulnerability that stems from incorrect handling of the parameter...
CVE-2024-6723
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions...
CVE-2023-27637
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...
CVE-2025-20114
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...
pgAdmin security vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 4 versions prior to 9.2 that stems from insecurely passing parameters to the eval function, which could lead to remote code executi...
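The pgAdmin entry above names the mechanism (request parameters reaching `eval`) without showing it. As an added Python example that is not pgAdmin's code, this contrasts an `eval`-based parameter parser with `ast.literal_eval`, which accepts only literal values; the parameter names and the payload string are constructed for the illustration.

```python
import ast
import os


def parse_setting_vulnerable(raw: str):
    """Vulnerable: the request parameter is evaluated as a Python expression.
    Names, attribute access and calls are all allowed, so a payload can import
    modules and call into the operating system."""
    return eval(raw)  # noqa: S307 - deliberately unsafe, shown for contrast


def parse_setting_hardened(raw: str):
    """Hardened: ast.literal_eval builds the value from the parsed AST and only
    accepts literals (numbers, strings, tuples, lists, dicts, sets, booleans,
    None). Any Name, Attribute or Call node makes it raise."""
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError("parameter is not a plain literal") from None


def demo() -> dict:
    """Run a benign literal and a code-executing payload through both parsers."""
    benign = "{'rows': 50, 'sort': 'name'}"
    # Constructed payload: harmless here (reads the PID) but proves code runs.
    payload = "__import__('os').getpid()"
    results = {}
    results["vulnerable_ran_payload"] = parse_setting_vulnerable(payload) == os.getpid()
    results["hardened_benign"] = parse_setting_hardened(benign)
    try:
        parse_setting_hardened(payload)
        results["hardened_payload"] = "accepted"
    except ValueError:
        results["hardened_payload"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

When the expected input is structured data rather than Python literals, `json.loads` with explicit schema validation is the better boundary; `literal_eval` still parses arbitrarily nested input and should be paired with a length limit.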
PT-2024-4187 · Unknown · Svacer Sast
Name of the vulnerable software and affected versions: Svacer SAST, affected versions not specified. Description: The issue is related to insecure handling of parameters when creating short links. This can be exploited by a remote attacker to redirect users to an arbitrary URL. Recommendations: At...
ImageMagick Engine < 1.7.6 - PHAR Deserialization via CSRF
The plugin does not validate the clipath parameter and does not have CSRF check, which could allow attackers to make a logged in admin call a file with a PHAR wrapper via a CSRF attack. This could lead to PHAR deserialization when a suitable gadget chain is present on the blog and the attacker...
Uber: DOM based XSS via insecure parameter on [ https://uberpay-mock-psp.uber.com ]
Vulnerability description not provided...
Netgear RBR750 and NETGEAR command injection vulnerability
Netgear RBR750 and NETGEAR are both products of Netgear, Inc. RBR750 is a home WiFi system. NETGEAR is a router, a hardware device that connects two or more networks and acts as a gateway between them. A security vulnerability exists in some NETGEAR devices that stems from the lack of effective...
VulnCheck KEV: CVE-2021-30119
Authenticated reflected XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a cross-site scripting attack. Example request:...
CVE-2020-4002
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system...
VMware SD-WAN Orchestrator input validation error vulnerability
VMware SD-WAN Orchestrator is software from VMware that orchestrates network data flows in a software-defined network architecture. The software provides web pages to visualize and manage users, gateways, and authentication. An input validation error vulnerability exists in VMware SD-WAN...
GitBucket 4.23.1 - Remote Code Execution
GitBucket 4.23.1 - Remote Code Execution. Exploit Title: GitBucket 4.23.1 Unauthenticated RCE; Date: 21-05-2018; Software Link: https://github.com/gitbucket/gitbucket; Exploit Author: Kacper Szurek; Contact: https://twitter.com/KacperSzurek; Website: https://security.szurek.pl/; Category: remote. 1...
CVE-2017-10804
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before...
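The Odoo entry above describes a check-versus-use mismatch: application code validates the full parameter, while the driver hands the database a copy cut at the first 0x00 byte. The following is an added Python example of that class of bug, not Odoo's or Psycopg's code: a tiny SQLite table, a simulated NUL-terminating bind, a reserved-login check that is bypassed by it, and the boundary check that closes the hole. The table contents and the reserved-login rule are constructed for the illustration.

```python
import sqlite3

# Constructed for the example: a login this code path must never resolve.
RESERVED_LOGINS = {"admin"}


def driver_bind_nul_terminated(value: str) -> str:
    """Simulate a driver that passes bound strings to the database as
    NUL-terminated C strings: everything from the first 0x00 byte onward is
    silently dropped before the query runs. This is the behaviour the entry
    above attributes to old Psycopg 2.x, reproduced here by hand."""
    nul = value.find("\x00")
    return value if nul == -1 else value[:nul]


def _fresh_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO users VALUES (?)", [("admin",), ("alice",)])
    return conn


def resolve_user_vulnerable(login: str):
    """The reserved-login check sees the full string, the database sees the
    truncated one: 'admin\\x00anything' passes the check yet matches 'admin'."""
    if login in RESERVED_LOGINS:
        return None
    conn = _fresh_db()
    row = conn.execute("SELECT login FROM users WHERE login = ?",
                       (driver_bind_nul_terminated(login),)).fetchone()
    return row[0] if row else None


def resolve_user_length_aware(login: str):
    """Same query through Python's own sqlite3 binding, which passes the string
    with its length: the NUL byte survives and no row matches."""
    if login in RESERVED_LOGINS:
        return None
    conn = _fresh_db()
    row = conn.execute("SELECT login FROM users WHERE login = ?", (login,)).fetchone()
    return row[0] if row else None


def resolve_user_hardened(login: str):
    """Reject NUL bytes at the trust boundary, before any check or query, so
    every layer operates on the same value whatever the driver does."""
    if "\x00" in login:
        raise ValueError("NUL byte in login parameter")
    return resolve_user_vulnerable(login)


def demo() -> dict:
    """Exercise all three variants with a normal login, the reserved login and
    the constructed 'admin\\x00x' payload."""
    payload = "admin\x00x"
    results = {
        "vuln_alice": resolve_user_vulnerable("alice"),
        "vuln_admin_direct": resolve_user_vulnerable("admin"),
        "vuln_payload": resolve_user_vulnerable(payload),
        "length_aware_payload": resolve_user_length_aware(payload),
        "hardened_alice": resolve_user_hardened("alice"),
    }
    try:
        resolve_user_hardened(payload)
        results["hardened_payload"] = "accepted"
    except ValueError:
        results["hardened_payload"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The general lesson is that any validation performed on a string the storage layer will later transform (truncation, case folding, Unicode normalisation) must either be repeated on the transformed value or prevented from being reachable, which is why rejecting NUL bytes in every text parameter at the edge is cheap insurance regardless of the driver in use.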
Unfixed XSS vulnerability at www.thecomedystore.co.uk
Security researcher IrIsT.Ir submitted on 07/01/2012 a cross-site scripting (XSS) vulnerability affecting www.thecomedystore.co.uk, which at the time of submission ranked 347,951 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/01/2012. It ...
Code injection
Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the kernel SSDT hooks for (1) NtOpenProcess and (2) NtOpenThread...