63 matches found

CNNVD
added 2026/05/25 12:0 a.m. · 4 views

Markdown Downloader MCP Server Path Traversal Vulnerability

Markdown Downloader MCP Server is a web-to-Markdown downloader from the individual developer Darren Bennett. A path traversal vulnerability exists in Markdown Downloader MCP Server, which originates from the operation of the function downloadmarkdown/listdownloadedfiles/createsubdirectory in the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00048
Exploits 0 · References 6
CNNVD
added 2026/02/25 12:0 a.m. · 4 views

OpenEMR SQL Injection Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 had a SQL injection...

CVSS 8.8 · AI score 5.8 · EPSS 0.00004
Exploits 2 · References 7
Veracode
added 2026/01/15 12:53 p.m. · 3 views

Cross-Site Scripting (XSS)

com.xnx3.wangmarket, wangmarket is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the variableList function of /admin/system/variableList.do, which allows a remote attacker to manipulate the Description parameter and inject malicious scripts that...

CVSS 4.8 · AI score 6 · EPSS 0.00024
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2025/12/29 8:32 p.m. · 2 views

CVE-2025-15204 SohuTV CacheCloud QuartzManageController.java doQuartzList cross site scripting

A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 · AI score 5.4 · EPSS 0.00022
Exploits 1 · References 4
Snyk
added 2025/10/10 6:43 p.m. · 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the list function in UserInfoController.java. An attacker can access sensitive user information by sending unauthorized requests remotely. Remediation: There is no fixed version for...

CVSS 6.9 · AI score 5.7 · EPSS 0.02209
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2021-28966

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.6 · EPSS 0.00323
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2025-12110

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 7.1 · EPSS 0.00472
Exploits 0 · References 13
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-45274

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00422
Exploits 1 · References 2
Positive Technologies
added 2025/08/28 12:0 a.m. · 1 views

PT-2025-35129

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 4.0 firmware 16.03.10.20 Description: The Tenda AC10 device contains a stack overflow issue via the get parentControl list Info function. Recommendations: At the moment, there is no information about a newer version that...

CVSS 7.5 · AI score 7 · EPSS 0.00093
Exploits 0 · References 6
Positive Technologies
added 2025/08/22 12:0 a.m. · 2 views

PT-2025-34485 · Unknown · Easy Hosting Control Panel

Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel (EHCP) version 20.04.1.b Description: The List MySQL Databases function in Easy Hosting Control Panel (EHCP) is susceptible to a reflected cross-site scripting issue. Authenticated attackers can potentially execute...

CVSS 6.1 · AI score 7.2 · EPSS 0.00068
Exploits 3 · References 6
RedhatCVE
added 2025/08/10 12:15 a.m. · 4 views

CVE-2025-50927

A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter...

CVSS 6.3 · AI score 5.7 · EPSS 0.00059
Exploits 2 · References 1
Vulnrichment
added 2025/07/25 3:2 a.m. · 1 views

CVE-2025-8127 deerwms deer-wms-2 list sql injection

A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument paramsdataScope leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00223
Exploits 1 · References 4
CNNVD
added 2025/06/29 12:0 a.m. · 1 views

HDF5 Resource Management Error Vulnerability

HDF5 is an open-source library from HDF. A security vulnerability exists in HDF5 version 1.14.6, which stems from a confusion about the instruction in the function H5FLreggclist in the file src/H5FL.c that is responsible for freeing memory. An attacker can exploit this vulnerability to potentially...

CVSS 7.8 · AI score 7.3 · EPSS 0.00129
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 7:59 a.m. · 4 views

CVE-2024-33122

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...

CVSS 6.3 · AI score 8.3 · EPSS 0.00101
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 6:2 a.m. · 1 views

CVE-2023-28099

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if dsisinlist is used with an invalid IP address string (NULL is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All user...

CVSS 7.5 · AI score 6.8 · EPSS 0.00387
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:29 a.m. · 1 views

CVE-2023-26773

Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file...

CVSS 6.1 · AI score 6.8 · EPSS 0.00232
Exploits 2 · References 1
OSV
added 2025/04/28 10:15 a.m. · 1 views

CVE-2025-4015

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missin...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 4
Vulnrichment
added 2025/03/20 12:0 a.m. · 7 views

CVE-2025-29101

Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the getparentControllistInfo function...

AI score 8.1 · EPSS 0.0044
Exploits 1 · References 1
Positive Technologies
added 2025/02/24 12:0 a.m. · 1 views

PT-2025-7714 · Unknown +6 · Libarchive +6

Name of the Vulnerable Software and Affected Versions: libarchive versions up to 3.7.7 Description: A problematic issue was found in libarchive, affecting the list function of the file bsdunzip.c. This issue leads to a null pointer dereference. The attack can be launched on the local host...

CVSS 7.8 · AI score 3.7 · EPSS 0.00028
Exploits 2 · References 51
Positive Technologies
added 2024/09/27 12:0 a.m. · 1 views

PT-2024-39548 · Unknown · Skyselang Yyladmin

Name of the Vulnerable Software and Affected Versions: skyselang yylAdmin versions up to 3.0 Description: A critical issue was found in the Backend component, specifically in the function list of the file /app/admin/controller/file/File.php. The manipulation of the is disable argument leads to SQ...

CVSS 8.8 · AI score 7.2 · EPSS 0.00097
Exploits 1 · References 7