CVE-2025-6024

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

EUVD-2026-18819

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...

EUVD-2026-17589

A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used...

CVE-2026-4544

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/loginpage can lead to cross site scripting. It is possible to launch the...

CVE-2025-15008

A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now publ...

Tenda WH450 安全漏洞

Tenda WH450 is a wireless access point from Tenda China. A security vulnerability exists in Tenda WH450 version 1.0.0.18, which originates from an incorrect manipulation of the parameter page in the file/goform/Natlimit of the component HTTP Request Handler, which could result in a stack buffer...

Tenda WH450 安全漏洞

Tenda WH450 is a wireless access point from Tenda China. A security vulnerability exists in Tenda WH450 version 1.0.0.18, which originates from an incorrect manipulation of the parameter page in the file /goform/DhcpListClient, which could result in a stack buffer overflow...

CVE-2025-12322 Tenda CH22 NatStaticSetting fromNatStaticSetting buffer overflow

A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing a manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published an...

PT-2025-43941

🚨 CVE-2025-12272 A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the...

CVE-2025-11423 Tenda CH22 SafeEmailFilter formSafeEmailFilter memory corruption

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and...

EUVD-2022-34586

Malicious code in bioql PyPI...

EUVD-2024-46735

Malicious code in bioql PyPI...

PT-2025-37410

Name of the Vulnerable Software and Affected Versions AC Smart II affected versions not specified Description A vulnerability exists in AC Smart II that allows unauthorized password changes. A hidden form for resetting the administrator password is present on a page, which can be manipulated usin...

Clickjack attack steals password managers’ secrets

Sometimes it can seem as though everything's toxic online, and the latest good thing turned bad is here: Browser pop-ups that look like they're trying to help or authenticate you could be programmed to steal data from your password manager. To make matters worse, most browser extension-based...

CVE-2024-10276

A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launche...

CVE-2023-6615

A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and...

CVE-2024-4169

A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critical. This vulnerability affects the function sub42775C/sub4279CC. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability i...

[SECURITY] Fedora 39 Update: qpdf-11.6.4-2.fc39

QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...

Unspecified Vulnerability in Emlog (CNVD-2023-9918065)

emlog is a PHP and MySQL based CMS builder for emlog personal developers. Emlog pro2.1.14 version of a security vulnerability, the vulnerability stems from the uid parameter in /admin/media.php contains SQL injection vulnerability. Attackers can use this vulnerability to gain unauthorized access ...

Lost and Found Information System 跨站脚本漏洞

Lost and Found Information System is a lost and found information system by oretnom23 individual developer. A cross-site scripting vulnerability exists in Lost and Found Information System version 1.0, which stems from cross-site scripting due to incorrect manipulation of the parameter page...