38 matches found
EUVD-2019-1990
Malware in sbrugna...
EUVD-2024-43152
Malicious code in bioql PyPI...
CVE-2025-41653
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive...
CVE-2024-48871
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution...
CVE-2024-52320
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution...
CVE-2024-52320
Planet Technology WGS-804HPT series switches are affected by CVE-2024-52320, a pre-authentication command injection flaw that can lead to remote code execution via a crafted HTTP request. The issue is documented with high criticality (CVSS v3.1/4.0 scores: 9.8/9.3, network access, no authenticati...
CVE-2024-48871 Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution...
path traversal vulnerability was identified in the parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
Authorization Bypass
apiman-manager-api-rest-impl is vulnerable to authorization bypass. The vulnerability exists due to insufficient checks for read permissions which allows an attacker to access information and resources via malicious HTTP request...
CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...
CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...
CVE-2021-1493
A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks...
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerability (CNVD-2021-09936)
Cisco Smart Software Manager Satellite is software designed to provide intelligent management of licenses. A command injection vulnerability exists in the WEB UI of Cisco Smart Software Manager Satellite 5.1.0 and prior versions. The vulnerability stems from the program not properly validating...
Arbitrary File Deletion Vulnerability in InRouter900 Industrial Router from Johntons
The Johnton-InRouter900 series industrial router is a 4G industrial router. The InRouter900 Industrial Router suffers from an arbitrary file deletion vulnerability, which originates from the program failing to properly validate user data, and can be exploited by a remote attacker to delete...
Command Execution Vulnerability in the InRouter900 Industrial Router from Johnstone (CNVD-2021-10447)
The Johnton-InRouter900 series industrial router is a 4G industrial router. A command execution vulnerability exists in the InRouter900 Industrial Router. The vulnerability stems from the program's failure to properly validate user data and can be exploited by a remote attacker to execute arbitra...
Command Execution Vulnerability in the InRouter900 Industrial Router from Johnstone (CNVD-2021-10450)
The Johnton-InRouter900 series industrial router is a 4G industrial router. A command execution vulnerability exists in the InRouter900 Industrial Router. The vulnerability stems from the program's failure to properly validate user data and can be exploited by a remote attacker to execute arbitra...
Command Execution Vulnerability in the InRouter900 Industrial Router from Johnstone (CNVD-2021-10453)
The Johnton-InRouter900 series industrial router is a 4G industrial router. A command execution vulnerability exists in the InRouter900 Industrial Router. The vulnerability stems from the program's failure to properly validate user data and can be exploited by a remote attacker to execute arbitra...
Buffer Overflow Vulnerability in Cisco RV110W Products (CNVD-2021-05411)
The Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router from Cisco USA. The Cisco RV110W product suffers from a buffer overflow vulnerability that originates from a program's failure to properly validate user data, which can be exploited by a remote attacker to execute arbitrary co...
Buffer Overflow Vulnerability in Cisco RV110W Products (CNVD-2021-05413)
The Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router from Cisco USA. The Cisco RV110W product suffers from a buffer overflow vulnerability that originates from a program's failure to properly validate user data, which can be exploited by a remote attacker to execute arbitrary co...
Buffer Overflow Vulnerability in Cisco RV110W Products (CNVD-2021-05418)
The Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router from Cisco USA. The Cisco RV110W product suffers from a buffer overflow vulnerability that originates from a program's failure to properly validate user data, which can be exploited by a remote attacker to execute arbitrary co...