Lucene search

49 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in curl

An integer overflow vulnerability exists in the tooloperate.c file of curl 7.65.2, which can be exploited by using a large value as the retry delay. NOTE: Many reports indicate that this does not have a direct security impact on the curl user. However, it may in theory cause a denial of service t...

CVSS 3.3, AI score 6.2, EPSS 0.00018
Exploits 0, References 2
OSV
added 2026/03/29 6:44 p.m., 0 views

ROOT-OS-ALPINE-319-CVE-2024-23771 CVE-2024-23771 in rootio-darkhttpd - Patched by Root

Root has patched CVE-2024-23771 in the rootio-darkhttpd package for Root:Alpine:3.19. Multiple fixed versions available...

CVSS 9.8, AI score 5.4, EPSS 0.00209
Exploits 0
EUVD
added 2026/03/27 3:30 p.m., 2 views

EUVD-2026-16654

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

CVSS 7.5, AI score 6.8, EPSS 0.00045
Exploits 0, References 6
CVE
added 2026/03/27 2:51 p.m., 5 views

CVE-2026-4955

The CVE-2026-4955 entry concerns Shenzhen Ruiming Technology Streamax Crocus 1.3.44. Affected component is the server-side function handling /OperateStatistic.do; crafting or manipulating the VehicleID parameter yields a SQL injection. Attacks are remotely executable, and the exploit has been mad...

CVSS 7.5, AI score 6.8, EPSS 0.00045
Exploits 0, References 5
CNNVD
added 2026/03/27 12:0 a.m., 2 views

Shenzhen Ruiming Streamax Crocus SQL injection vulnerability

Shenzhen Ruiming Streamax Crocus is a vehicle monitoring device developed by Shenzhen Ruiming Corporation. Version 1.3.44 of Shenzhen Ruiming Streamax Crocus contains an SQL injection vulnerability. This vulnerability arises from improper handling of the VehicleID parameter in the...

CVSS 7.5, AI score 7.2, EPSS 0.00045
Exploits 0, References 5
Positive Technologies
added 2026/03/27 12:0 a.m., 2 views

PT-2026-28681

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

CVSS 7.5, AI score 5.7, EPSS 0.00045
Exploits 0, References 6
EUVD
added 2025/12/07 6:30 a.m., 2 views

EUVD-2025-201594

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, AI score 6.4, EPSS 0.00479
Exploits 0, References 8
NVD
added 2025/12/07 5:15 a.m., 2 views

CVE-2025-14184

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, EPSS 0.00479
Exploits 0, References 7
CVE
added 2025/12/07 4:32 a.m., 10 views

CVE-2025-14184

CVE-2025-14184 affects SGAI Space1 NAS N1211DS (firmware up to 1.0.915). The gsaiagent component exposes a vulnerability in the /cgi-bin/JSONAPI handling of RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD that enables command injection. The issue can be triggered remotely; public disclosure of the exploit ...

CVSS 6.5, AI score 6.5, EPSS 0.00479
Exploits 0, References 7
Tenable Nessus
added 2025/12/02 12:0 a.m., 2 views

openSUSE 16 Security Update : curl (openSUSE-SU-2025-20090-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20090-1 advisory. - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes...

CVSS 7.5, AI score 6.8, EPSS 0.00275
Exploits 1, References 10
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-27550

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.00348
Exploits 0, References 2
OSV
added 2025/09/10 2:15 p.m., 2 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

CVSS 8.8, AI score 8.2
Exploits 0, References 2
NVD
added 2025/09/10 2:15 p.m., 3 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

CVSS 8.8, EPSS 0.00348
Exploits 0, References 2
CVE
added 2025/09/10 12:0 a.m., 18 views

CVE-2025-56413

CVE-2025-56413 affects 1panel v2.0.8, where the OS command injection occurs in the OperateSSH function. An attacker can trigger arbitrary commands via the operation parameter of the /api/v2/hosts/ssh/operate endpoint. This aligns with the reported CVSS: NETWORK vector, HIGH impact (C, I, A). Publ...

CVSS 8.8, AI score 7.5, EPSS 0.00348
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2025/09/10 12:0 a.m., 3 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

AI score 7.5, EPSS 0.00348
Exploits 0, References 2
CNNVD
added 2025/07/11 12:0 a.m., 2 views

Tenda O3V2 security vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability that originates from the /goform/operateMacFilter file parameter mac failing to properly validate the length and size of the input data, which can be exploited by an attacker to...

CVSS 9, AI score 8.2, EPSS 0.01566
Exploits 1, References 7
CNNVD
added 2025/06/28 12:0 a.m., 1 view

IBM Datacap Navigator security vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. A security vulnerability exists in IBM Datacap Navigator versions 9.1.7, 9.1.8, and 9.1.9, which originates from a remote attacker who may hijack a victim's click-to-operate...

CVSS 5.4, AI score 6.5, EPSS 0.00093
Exploits 0, References 2
OSV
added 2025/04/15 6:15 p.m., 1 view

CVE-2025-28100

A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter...

CVSS 9.8, AI score 6.1
Exploits 0, References 1
CNVD
added 2025/02/18 12:0 a.m., 10 views

Unspecified Vulnerability in IBM ApplinX

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A security vulnerability exists in IBM ApplinX. An attacker exploiting the vulnerability could hijack a victim's click-to-operate...

CVSS 5.4, AI score 6.5, EPSS 0.00051
Exploits 0, References 1
CNNVD
added 2025/02/06 12:0 a.m., 1 view

IBM ApplinX security vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A security vulnerability exists in IBM ApplinX. An attacker exploiting the vulnerability could hijack a victim's click-to-operate...

CVSS 5.4, AI score 6.5, EPSS 0.00051
Exploits 0, References 2