CVE-2024-11603

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

LLaVA 代码问题漏洞

LLaVA is an application by the individual developer Haotian Liu. A code issue vulnerability exists in LLaVA version 1.2.0, which stems from insufficient validation of path parameters and could lead to a server-side request forgery attack...

CVE-2025-25684

A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

CVE-2025-25684

A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

GL.iNet Beryl AX GL-MT3000 安全漏洞

GL.iNet Beryl AX GL-MT3000 is a portable WiFi 6 router from China's Guanglian Zhitong GL.iNet. It is used to provide network connectivity and supports 2.5G network ports and a variety of features. A security vulnerability exists in GL.iNet Beryl AX GL-MT3000 version v4.7.0, which stems from...

FeMiner wms id parameter SQL injection vulnerability

FeMiner wms is a warehouse management system for Chinese front-end miners FeMiner individual developers. A SQL injection vulnerability exists in FeMiner wms version 1.0, which stems from the lack of validation of the date1, date2, id parameters against externally entered SQL statements. An attack...

CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

CVE-2022-24843

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for th...

CVE-2019-3417

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system...

CVE-2020-7871

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to...

CVE-2020-13298

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure...

WordPress plugin Responsive iframe 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

The vulnerability of the set_add_routing() function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the control level when processing the gateway parameter. Exploiting this vulnerability allows a remote...

PT-2025-4386 · Atheros · Atheos

Name of the Vulnerable Software and Affected Versions: Atheos versions prior to v600 Description: Atheos is a self-hosted browser-based cloud IDE. The issue is related to the lack of proper validation of the $path and $target parameters across multiple components, allowing an attacker to read,...

CVE-2024-56452

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-33041

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,...

CVE-2024-33041 Use of Out-of-range Pointer Offset in Computer Vision

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,...

Complaint Management System /admin/state.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of sufficient validation of the input of the state parameter in the /admin/state.php file. No details of the vulnerability are available at...

CVE-2024-35369

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...

CVE-2024-47407

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands...