7 matches found
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attackers to scan ports on the intranet or local network where the server resides, attack applications running on the intranet or local network, or read metadata on the cloud server...
PHPSHE Mall System has XML External Entity Injection Vulnerability
The PHPSHE mall system combines product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with an online shopping mall construction program. The PHPSHE mall system has an XML external entity...
Ectouch wx***.php plugin suffers from XML external entity injection vulnerability
ECTouch is a mobile mall online store system launched by Shanghai Shangchuang Network Technology Co. An XML external entity injection vulnerability exists in the Ectouch wx.php plugin. An attacker can exploit this vulnerability to read arbitrary files, execute commands and attack the intranet...
Selenium Server Unauthorized Access Vulnerability
Selenium is a tool for web application testing. Selenium tests run directly in the browser, just as a real user would do. Supported browsers include IE 7, 8, 9, 10, 11, Mozilla Firefox, Safari, Google Chrome, Opera, etc. An unauthorized access vulnerability exists in Selenium Server. A malicious...
Arbitrary file upload vulnerability in the action/fileUpload.asp file of the Access Specialist management system
Despatch Access Specialist Management System is a CATI software that integrates telephone access, call center, and web survey into one; a CATI software that provides hosted services with "Cloud Computing" and "SaaS Model". An arbitrary file upload vulnerability exists in the action/fileUpload.asp...