113 matches found
EUVD-2023-27402
Malicious code in bioql PyPI...
EUVD-2025-7777
Malicious code in bioql PyPI...
EUVD-2022-52533
Malicious code in bioql PyPI...
The vulnerability of the resize() and text() methods of the ImageMagick framework, which are used for developing web systems and CodeIgniter applications, allows attackers to load arbitrary files.
The vulnerability of the resize and text methods of the ImageMagick framework used for developing web systems and CodeIgniter applications relates to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote...
BIT-JOOMLA-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...
CVE-2022-30703
Trend Micro Security 2021 and 2022 Consumer is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation...
CVE-2010-2217
Adobe Flash Media Server FMS before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability."...
CVE-2009-2386
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method...
PT-2025-16862 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...
Updated python-django packages fix security vulnerability
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. CVE-2025-26699...
GHSA-2CJ2-QQXJ-5M3R Phusion Passenger denial of service
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
PT-2024-11535 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic affected versions not specified Description: The upgrade logic in Mautic's application update via an upgrade script is not properly shielded, potentially leading to a vulnerable situation. However, this issue is mitigated by the fact...
TOTOLINK X5000R setSyslogCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setSyslogCfg method of /cgi-bin/cstecgi.cgi failing to properly filter construct command special...
The vulnerability of the Connect method of the SolarWinds Access Rights Manager software allows a perpetrator to execute arbitrary code.
The vulnerability of the Connect method in the SolarWinds Access Rights Manager software lies in improper restrictions on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CVE-2024-38953
phpok 6.4.003 contains a Cross Site Scripting XSS vulnerability in the okf method under the framework/api/uploadcontrol.php file...
Hazardous Method or Function Vulnerability Exposed by Siemens SINEC Traffic Analyzer
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer has an exposed dangerous method or...
The vulnerability of the GetRulesetsSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.
The vulnerability of the GetRulesetsSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...
The vulnerability of the `BaproductzoommagnifierZoomModuleFrontController::run()` method in the Best Zoom Magnifier Effect module – BAZoom Magnifier, a open-source e-commerce web application for PrestaShop. This vulnerability allows an attacker to elevate their privileges and gain access to read, modify, or delete data.
The vulnerability of the BaproductzoommagnifierZoomModuleFrontController::run method in the Best Zoom Magnifier Effect – BAZoom Magnifier web application for e-commerce with open-source PrestaShop is related to the lack of protective measures for the SQL query structure. Exploiting this...
Tenda AC500 formexeCommand Method Command Injection Vulnerability
Tenda AC500 is the wireless controller device introduced, designed for small and medium-sized businesses, with support for managing wireless networks across VLANs. Tenda AC500 suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failin...
TOTOLINK EX200 安全漏洞
TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. TOTOLINK EX200 suffers from an information disclosure vulnerability that stems from improper...