CVE-2026-4206 D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

EUVD-2021-19373

Malware in sbrugna...

EUVD-2025-24154

Malicious code in bioql PyPI...

EUVD-2021-6824

Malicious code in bioql PyPI...

CVE-2025-45146

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-45146

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-45146

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-45146

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...

CVE-2025-34118 Linknat VOS Manager Path Traversal File Disclosure

A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/',...

Juzaweb CMS 代码注入漏洞

Juzaweb CMS is a content management system based on Laravel framework and Web platform developed by Juzaweb individual developers. A code injection vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions, which originates from a cross-site scripting attack on the parameter Upload in the fi...

CVE-2025-22479

Summary: CVE-2025-22479 affects Dell Storage Center / Dell Storage Manager, version 20.0.21. The root cause is an improper limitation of a pathname to a restricted directory, i.e., a path traversal that could allow an unauthenticated, adjacent-network attacker to inject scripts. The public docume...

CVE-2025-22479

Dell Storage Center - Dell Storage Manager, versions 20.0.21, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

DEBIAN-CVE-2024-50095

In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases madagentpriv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be...

Form Tools SQL注入漏洞

Form Tools is an open source code base for Form Tools scripts, modules, themes and APIs. A SQL injection vulnerability exists in Form Tools that stems from an issue found in Form Tools starting from 3.0.20. When a low-privileged user client-side attempts to export a form containing data, for...

MunkiReport Cross-Site Request Forgery Vulnerability

Munkireport is a reporting tool for the Munki software management program. A cross-site request forgery vulnerability exists in manager/deletemachine/id in MunkiReport versions prior to 5.6.3. An attacker could exploit this vulnerability to delete arbitrary devices from the MunkiReport database...

CVE-2018-13445

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/adminmanager.php?action=add...

Remote file inclusion

PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the PXconfigmanagerpath parameter. NOTE: this is a different executable and affected version than CVE-2006-0725...