925 matches found
Bird-lg-go 安全漏洞
Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Previous versions of bird-lg-go, including 6187a4e, contained security vulnerabilities. These vulnerabilities stemmed from the traceroute module’s use of shlex.Split to parse user input without proper validation. This could allow remot...
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 参数注入漏洞
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...
TinyWeb 参数注入漏洞
TinyWeb is a simple and lightweight HTTP server developed by Konstantin Belyalov. Versions of TinyWeb prior to 2.01 contained a parameter injection vulnerability. This vulnerability stemmed from allowing unverified remote attackers to bypass the CGI parameter security controls of the web server,...
CVE-2025-9062
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...
CVE-2026-27178
MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...
CVE-2025-9062
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...
CVE-2025-9062 IDOR in MeCODE Informatics' Envanty
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...
CVE-2025-9062
CVE-2025-9062 describes an Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty. Impacted versions: Envanty 1.0.0 through 19022026. The issue is described as a parameter injection that enables an adjacent, low-privilege attacke...
CVE-2025-9062 IDOR in MeCODE Informatics' Envanty
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...
CVE-2025-9062
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...
PT-2026-20803
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: from 1.0.0 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
Weblate 参数注入漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.16.0 contained a parameter injection vulnerability. This vulnerability stemmed from the SSH management console failing to validate the input when adding SSH host keys,...
MeCODE Envanty 安全漏洞
MeCODE Envanty is an enterprise resource planning management system developed by the Turkish company MeCODE. Versions of MeCODE Envanty prior to 1.0.6 contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through user-controlled keys, which could lead to...
Delinea Cloud Suite 安全漏洞
Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Versions of Delinea Cloud Suite prior to 25.2 HF1 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements within SQL...
Hyland Alfresco Transformation Service 安全漏洞
The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from parameter injection in the document processing function. This vulnerability may...
CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox
MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as...
PHPGurukul Student Management System 安全漏洞
PHPGurukul Student Management System is a student management system developed by PHPGurukul Corporation. Version 1.0 of the phpgurukul Student Management System has a security vulnerability; this vulnerability stems from the searchdata parameter in the studentms/admin/search.php file, which is...
CVE-2019-25380
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...
PT-2026-8366
Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in paramete...
OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection
This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...