338 matches found
EUVD-2025-21433
Malicious code in bioql PyPI...
EUVD-2025-25810
Malicious code in bioql PyPI...
EUVD-2022-39082
Malicious code in bioql PyPI...
EUVD-2025-28379
Malicious code in bioql PyPI...
EUVD-2025-25817
Malicious code in bioql PyPI...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
CVE-2025-50976
IPFire 2.29 DNS management interface dns.cgi fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLSHOSTNAME query parameters, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
CVE-2025-50976
IPFire 2.29 DNS management interface dns.cgi fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLSHOSTNAME query parameters, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2025-50976
IPFire 2.29 DNS management interface dns.cgi fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLSHOSTNAME query parameters, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire version 2.29, which stems from dns.cgi not being cleaned of user input, and could lead to a reflected cross-site scripting attack...
CVE-2025-50976
IPFire 2.29 DNS management interface (dns.cgi) is affected by a reflected XSS due to insufficient sanitization of user input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters. The root cause is improper input handling in dns.cgi, enabling reflected XSS payloads. Documented impact is li...
PT-2025-34800 · Ipfire · Ipfire
Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The DNS management interface dns.cgi in IPFire fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS HOSTNAME query parameters. This results in a reflected cross-site scripting XSS...
CVE-2025-50974
The CVE-2025-50974 issue affects IPFire 2.29: the Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) does not sanitize user input before embedding parameters into a shell command. This allows an unauthenticated, remote attacker to inject arbitrary OS commands by supplying shell metachar...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire version 2.29, which stems from logs.cgi not being cleaned of user input and could lead to the execution of arbitrary OS commands...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire version 2.29 that stems from firewall.cgi not cleaning up multiple rule parameters, which could lead to a stored cross-site scripting...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...