105519 matches found
PT-2026-35923
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...
EUVD-2025-209589
A stored cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...
EUVD-2026-26232
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
UTT HiPER 1250GW 缓冲区错误漏洞
UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation involving the parameter “Profile” in the function strcpy within the file...
FreeBSD Security Advisory - FreeBSD-SA-26:14.pf
FreeBSD Security Advisory - Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic...
CDAC e-Sushrut 安全漏洞
CDAC e-Sushrut is a system platform provided by the Indian CDAC company that handles hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut. This vulnerability stems from the use of reversible Base64 encoding to protect sensitive data. It...
Mail MCP Bridge 路径遍历漏洞
Mail MCP Bridge is a messaging analysis tool developed by Fatbobman Dongpo Zhouzi, which connects macOS email messages with AI. Versions of Mail MCP Bridge 1.3.3 and earlier have a path traversal vulnerability. This vulnerability stems from improper handling of the parameter messageids in the fil...
UTT HiPER 1250GW 缓冲区错误漏洞
UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation in the function strcpy within the file route/goform/ConfigAdvideo, where th...
SourceCodester Pharmacy Sales and Inventory System 跨站脚本漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...
CVE-2025-56537
CVE-2025-56537 affects OpenNebula OpenNebula v6.10.0.1; the stored XSS occurs via a crafted payload injected into the virtual network template parameter. The issue is fixed in OpenNebula 7.0. An attacker can trigger the stored XSS through the vulnerable web UI (Sunstone) under network template in...
SourceCodester CET Automated Grading System with AI Predictive Analytics 跨站脚本漏洞
SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...
TOTOLINK N200RE 命令注入漏洞
The TOTOLINK N200RE is a router produced by TOTOLINK, a Chinese electronics company. The TOTOLINK N200RE V5 version has a command injection vulnerability, which stems from the use of command injections in the formMapDelDevice function, particularly with the macstr and bandstr parameters...
CVE-2026-38992
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
CVE-2026-36837
TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...
xhs-mcp 代码问题漏洞
xhs-mcp is an open-source tool developed by Algovate for automated publication and content management of REDnote. Version xhs-mcp 0.8.11 contains a code vulnerability. This vulnerability arises from the mediapaths parameter operation in the xhspublishcontent function within the...
PT-2026-35942
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
EUVD-2026-26231
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...
SourceCodester Pizzafy Ecommerce System 注入漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter pid being manipulated in the file admin/ajax.php?action=addtocart...
CVE-2026-36837
TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...
BioinfoMCP 路径遍历漏洞
BioinfoMCP is an bioinformatics AI platform developed by Florensiawidjaja. It serves to connect command-line tools with intelligent workflows. BioinfoMCP has a path traversal vulnerability, which stems from improper handling of the parameter Name in the Upload function located in the file...