19 matches found

CNNVD
added 2026/04/20 12:0 a.m. | 4 views

Metasoft MetaCRM Security Vulnerability

Metasoft MetaCRM is a customer relationship management system software developed by Metasoft Corporation. Versions of Metasoft MetaCRM 6.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the Statement.executeUpdate function of the...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0004
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/03 11:2 p.m. | 0 views

CVE-2026-35466

XSS vulnerability in cveInterface.js allows injected HTML to be passed to display, as cveInterface trusts input from CVE API services...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0001
Exploits: 0 | References: 1

CNVD
added 2026/01/30 12:0 a.m. | 3 views

TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00467
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/12 1:6 a.m. | 3 views

CVE-2025-65472

A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00027
Exploits: 1 | References: 1

Tenable Nessus
added 2025/10/04 12:0 a.m. | 1 views

RockyLinux 9 : git (RLSA-2025:11462)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11462 advisory. git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349); git: Newline confusion in credential helpers can lead to...

CVSS: 8.6 | AI score: 8.4 | EPSS: 0.03365
Exploits: 11 | References: 15

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-40510

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00512
Exploits: 0 | References: 1

CVE
added 2025/08/20 4:26 p.m. | 15 views

CVE-2025-20269

The CVE-2025-20269 issue affects Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces. Root cause: insufficient input validation for specific HTTP requests, enabling an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the device’s file system. I...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00044
Exploits: 0 | References: 4 | Affected Software: 2

RedhatCVE
added 2025/05/23 6:6 a.m. | 1 views

CVE-2023-21011

In multiple locations of p2piface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...

CVSS: 4.4 | AI score: 5.2 | EPSS: 0.00018
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:9 a.m. | 3 views

CVE-2023-21209

In multiple functions of staiface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...

CVSS: 6.7 | AI score: 6.6 | EPSS: 0.00029
Exploits: 0 | References: 1

OSV
added 2025/02/12 8:15 a.m. | 1 views

CVE-2025-1186

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00079
Exploits: 0 | References: 4

NVD
added 2024/12/27 9:15 p.m. | 13 views

CVE-2024-50713

SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php...

CVSS: 9.8 | EPSS: 0.00201
Exploits: 1 | References: 2

CISA KEV Catalog
added 2024/12/03 12:0 a.m. | 24 views

Zyxel Multiple Firewalls Path Traversal Vulnerability

Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.28936
In wild | Exploits: 0

Positive Technologies
added 2024/12/02 12:0 a.m. | 2 views

PT-2024-10677 · Bluetooth · Bluetooth

Name of the Vulnerable Software and Affected Versions: Bluetooth (affected versions not specified). Description: The issue is related to a possible out of bounds write in the handle notification response function of btif rc.cc due to a missing bounds check. This could lead to remote code execution...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00192
Exploits: 0 | References: 3

OSV
added 2024/10/21 8:6 p.m. | 9 views

CVE-2022-48988 memcg: fix possible use-after-free in memcg_write_event_control()

In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control(). memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access...

CVSS: 7 | AI score: 6.1 | EPSS: 0.00013
Exploits: 0 | References: 10

OSV
added 2024/04/03 12:15 p.m. | 2 views

CVE-2024-3255

A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/editadminquery.php. The manipulation of the argument username/password/name/adminid leads to sql injection. It is possible to...

CVSS: 7.2 | AI score: 5.7 | EPSS: 0.00149
Exploits: 1 | References: 4

ATTACKERKB
added 2021/12/02 10:15 p.m. | 1 views

CVE-2020-36130

AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1dxiface.c...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00112
Exploits: 1 | References: 5

CNVD
added 2017/09/19 12:0 a.m. | 1 views

MP3Gain mpglibDBL buffer overflow vulnerability (CNVD-2017-33787)

MP3Gain is a MP3 file volume adjustment application. mpglibDBL is one of the MPEG file decoders. A buffer overflow vulnerability exists in the copymp of the interface.c file of mpglibDBL in MP3Gain. A remote attacker could exploit this vulnerability to cause a denial of service or possibly execut...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.0071
Exploits: 0 | References: 1

UbuntuCve
added 2005/11/20 10:3 p.m. | 37 views

CVE-2005-2709

The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function...

CVSS: 4.6 | AI score: 5.9 | EPSS: 0.00155
Exploits: 1 | References: 2

Cvelist
added 2005/11/20 10:0 p.m. | 22 views

CVE-2005-2709

The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function...

AI score: 4.8 | EPSS: 0.00155
Exploits: 1 | References: 27