vps-inventory-monitoring code injection vulnerability
vps-inventory-monitoring is a web inventory monitoring tool developed by individual developer 546669204. vps-inventory-monitoring has a code injection vulnerability, which stems from the use of the eval function in the VpsTest Console component file app/index/command/VpsTest.php, specifically...
CVE-2025-31960
HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
UBUNTU-CVE-2025-11687
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...
EUVD-2026-1416
AWS SDK for Swift adopted defense in depth enhancement for region parameter value...
EUVD-2026-1418
AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value...
EUVD-2023-60256
In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 "igb: Enable SR-IOV after reinit", removing the igb module could hang or crash depending on the machine when the module has been loaded with the maxv...
CVE-2025-12140
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...
Das Parking Management System SQL injection vulnerability
Das Parking Management System is a parking management system from Das Corporation in China. A SQL injection vulnerability exists in Das Parking Management System version 6.2.0, which is caused by incorrect manipulation of the parameter Value in the file /IntraFieldVehicle/Search...
CVE-2025-37851
CVE-2025-37851 affects the Linux kernel fbdev omapfb path. The vulnerability centers on the dispc_ovl_setup function not handling the plane value OMAP_DSS_WB from the enum parameter plane. While that value is initialized in dss_init_overlays and in current code cannot take this value, some code p...
PT-2024-37433 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: A Guard Tour VAPIX API parameter in Axis devices allows the use of arbitrary values, enabling an attacker to block access to the guard tour configuration page in the web interface. Axis has...
PT-2024-28332 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery (CSRF) in the component /admin/vpsApiData deal.php. The mudi parameter is involved, specifically when set to del. This allows for unauthorized actions to be...
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3397-1)
The remote host is missing an update for the...
jose4j Security Vulnerabilities
jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token (JWT) and JOSE specification suite (JWS, JWE, and JWK), open sourced from Bitbucket. A security vulnerability exists in jose4j versions prior to 0.9.4, which stems from a vulnerability that allows an attacker to cau...
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not overri...
HTML/CSS Injection
HTML/CSS Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically us...
Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries (CVE-2023-2975). Excessive time spent checking DH keys and parameters (CVE-2023-3446). Excessive time spent checking DH q parameter value (CVE-2023-3817)...
Updated openssl packages fix security vulnerability
AES-SIV implementation ignores empty associated data entries (CVE-2023-2975). Excessive time spent checking DH keys and parameters (CVE-2023-3446). Excessive time spent checking DH q parameter value (CVE-2023-3817)...
FreeBSD : OpenSSL -- Excessive time spent checking DH q parameter value (bad6588e-2fe0-11ee-a0d1-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the bad6588e-2fe0-11ee-a0d1-84a93843eb75 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:...
CVE-2023-3405
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows an anonymous user to cause denial of service...