
548 matches found

Positive Technologies
added 2025/12/30 12:0 a.m. | 6 views

PT-2025-53932

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the Linux kernel’s crypto/hisi_zip module related to a mismatch when getting or setting the sgl_sge_nr variable. The type of sgl_sge_nr is u16, but it was being access...

7.8 CVSS | 6.2 AI score | 0.00465 EPSS
Exploits 2 | References 895
Tenable Nessus
added 2025/12/30 12:0 a.m. | 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992483 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parse_early_param On 64-bit, calling jump_label_init in...

5.5 CVSS | 6.1 AI score | 0.00202 EPSS
Exploits 0 | References 4
EUVD
added 2025/12/29 10:44 p.m. | 3 views

EUVD-2025-205659

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.parameval...

6.4 AI score
Exploits 0 | References 5
Cvelist
added 2025/12/29 2:32 p.m. | 25 views

CVE-2025-15192 D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...

6.5 CVSS | 0.03443 EPSS
Exploits 1 | References 6
RedhatCVE
added 2025/12/16 5:50 a.m. | 3 views

CVE-2025-14705

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilize...

10 CVSS | 6.8 AI score | 0.14606 EPSS
Exploits 1 | References 1
CNNVD
added 2025/12/11 12:0 a.m. | 2 views

warehouseManager code injection vulnerability

warehouseManager is a warehouse management system developed by the individual developer yangshare in China. A code injection vulnerability exists in warehouseManager version 1.1.0, which originates from incorrect handling of the parameter Name in the function addCustomer in the file...

5.1 CVSS | 4.8 AI score | 0.0024 EPSS
Exploits 0 | References 4
CVE
added 2025/12/09 6:10 p.m. | 12 views

CVE-2025-34399

MailEnable versions prior to 10.54 are affected by a reflected XSS in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized for GET requests and is echoed inside a [removed] block in the JavaScript variable sAddrCc, enabling an attack...

6.1 CVSS | 5.4 AI score | 0.00324 EPSS
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2025/12/08 12:0 a.m. | 3 views

PT-2025-49563

Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0. Description: A security issue exists in code-projects Online Ordering System 1.0. The vulnerability involves the manipulation of the Username argument, leading to SQL injection. This affects an...

9.8 CVSS | 7.5 AI score | 0.00326 EPSS
Exploits 1 | References 9
CNNVD
added 2025/12/03 12:0 a.m. | 6 views

Masa CMS code injection vulnerability

Masa CMS is a digital experience platform. A code injection vulnerability exists in Masa CMS versions prior to 7.2.8, prior to 7.3.13, and prior to 7.4.6, which stems from the addParam function accepting user input and evaluating it via setDynamicContent, which could lead to remote code execution...

9.8 CVSS | 8 AI score | 0.10647 EPSS
Exploits 1 | References 3
EUVD
added 2025/11/13 6:31 p.m. | 3 views

EUVD-2025-175305

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary sub42F32C function. The web interface reads the "lang" parameter and constructs Help URL strings using sprintf into fixed-siz...

6.5 CVSS | 7.8 AI score | 0.00519 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2025/11/12 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990867)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990867 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the...

5.5 CVSS | 6.4 AI score | 0.00233 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/11/05 12:0 a.m. | 7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989996)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989996 advisory. In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook bail on fail scheme doesn't...

5.5 CVSS | 6.3 AI score | 0.00247 EPSS
Exploits 0 | References 4
RedHat Linux
added 2025/11/03 8:27 p.m. | 4 views

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (&). The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

7.5 CVSS | 6.9 AI score | 0.00523 EPSS
Exploits 0 | References 6
OSV
added 2025/11/03 12:1 a.m. | 4 views

OSV-2025-871 UNKNOWN READ in ojph::local::param_cod::~param_cod

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=456837230 Crash type: UNKNOWN READ Crash state: ojph::local::paramcod::paramcod ojph::local::paramcod::paramcod ojph::local::paramcod::paramcod...

7 AI score
Exploits 0 | References 1
EUVD
added 2025/10/27 9:32 a.m. | 3 views

EUVD-2025-36141

A security vulnerability has been detected in SourceCodester Online Student Result System 1.0. This issue affects some unknown processing of the file /viewresult.php. The manipulation of the argument ID leads to SQL injection. The attack can be carried out remotely. The exploit has bee...

7.5 CVSS | 6.6 AI score | 0.00447 EPSS
Exploits 1 | References 6
Cvelist
added 2025/10/09 11:20 a.m. | 5 views

CVE-2025-9371 Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title'

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...

6.4 CVSS | 0.00176 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/10/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-50455

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfs: fix possible null-ptr-deref when parsing param According to commit vfs: parse: deal with zero length string value, kernel will set the param-string to null...

6.7 AI score
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-17665

Malware in sbrugna...

7.8 CVSS | 7.9 AI score | 0.00161 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-10370

Malware in sbrugna...

4.8 CVSS | 5.2 AI score | 0.00527 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-1015

Malware in sbrugna...

9.8 CVSS | 9.3 AI score | 0.01568 EPSS
Exploits 0 | References 5