19 matches found
CVE-2026-31169
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...
Warehouse Inventory Management System Authorization Issue Vulnerability
Warehouse Inventory Management System is a warehouse inventory management system developed by go2ismail. The Warehouse Inventory Management System versions 9.20250118 and earlier have an authorization issue vulnerability. This vulnerability arises from improper authorization due to operations on...
CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
EUVD-2025-37755
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'...
CVE-2025-35052
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
EUVD-2014-3746
Malware in sbrugna...
CVE-2025-59746
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'm' parameter in '/lib/asp/alert.asp'...
chat_forum Code Injection Vulnerability
chatforum is a chat and dating forum system developed by Chengyi Wang. A code injection vulnerability exists in chatforum 80bdb92f5b460d36cab36e530a2c618acef5afd2 and previous versions, which stems from incorrect manipulation of the parameter path in the file /q.php, and may lead to cross-site...
Freeze-Omni Code Issue Vulnerability
Freeze-Omni is an intelligent low-latency speech dialog model based on Freeze LLM open-sourced by VITA-MLLM. A code issue vulnerability exists in Freeze-Omni 20250421 and earlier versions, which stems from deserialization due to incorrect manipulation of the parameter path in the file...
Selesta Visual Access Manager Security Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in the POST parameter of /vam/vameps.php...
Tsinghua Unigroup Archives Management System Access Control Error Vulnerability
Tsinghua Unigroup Archives Management System is an electronic archives management system software from China's Tsinghua Unigroup. An access control error vulnerability exists in Tsinghua Unigroup Archives Management System version 3.2.21080262532, which stems from an incorrect operation of the...
VulnCheck KEV: CVE-2022-31446
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac...
CVE-2023-26978
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg...
CVE-2022-34608
H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter at /AJAX/ajaxget...
Security Bulletin: Vulnerabilities in IBM Rational Synergy's Help System (CVE-2013-0464, CVE-2013-0467, CVE-2013-0599)
Summary: IBM Rational Synergy can be affected by three vulnerabilities in the IBM Eclipse Help System (IEHS), which is used to display the IBM Rational Synergy help content.
iSoft-Solutions QuikStore Shopping Cart 2.12 store Parameter Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9282/info It has been reported that QuikStore Shopping Cart may be prone to an information disclosure vulnerability due to insufficient sanitization of user-supplied data through the 'store' parameter of the 'quikstore.cg...
CVE-2013-0599
IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP...
CVE-2007-2014
PHP remote file inclusion vulnerability in include/blocks/weekevents.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConfpathsysindex parameter, a different vector than CVE-2007-0633...