14 matches found
EUVD-2023-23913
Malicious code in bioql PyPI...
CVE-2025-34223
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...
CVE-2025-51541
Shopware 6 stores user input in /recovery/install/database-configuration/ via the c_database_schema field without proper sanitization, enabling stored XSS. The issue can be triggered through a CSRF-enabled POST; lack of CSRF protections allows an unauthenticated attacker to craft a page that stor...
Shopware 安全漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware that stems from insufficient cleanup of the cdatabaseschema field in the installation interface, which could lead to stored cross-site scripting...
PT-2025-31974 · Shopware · Shopware 6
Name of the Vulnerable Software and Affected Versions: Shopware 6 affected versions not specified Description: A stored cross-site scripting XSS vulnerability exists in the Shopware 6 installation interface. The c database schema field does not properly sanitize user-supplied input before renderi...
CVE-2023-1685
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
PYSEC-2025-9
A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...
CVE-2023-1685
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
CVE-2023-1685
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
Command injection
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
CVE-2023-1685 HadSky Installation Interface index.php command injection
A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...
HadSky 命令注入漏洞
HadSky is an original open source php light forum system from China's HadSky company. A security vulnerability exists in HadSky versions prior to 7.11.8, which stems from unknown code in the /install/index.php file of the component Installation Interface, resulting in command injection...
PT-2023-17168 · Hadsky · Hadsky
Name of the Vulnerable Software and Affected Versions: HadSky versions up to 7.11.8 Description: A critical issue has been found, affecting the Installation Interface component, specifically the /install/index.php file. This issue leads to command injection and can be initiated remotely. The...
Debian DSA-4917-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-30506 @retsew0x01 discovered an error in the Web App installation interface. - CVE-2021-30507 Alison Huffman discovered an error in the Offline mode. - CVE-2021-30508 Leecraso and Guang Gong discovered a buffer...