27 matches found
EUVD-2026-23682
A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended...
CVE-1999-0413
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path...
EUVD-1999-0413
Malware in sbrugna...
EUVD-2025-31700
Malicious code in bioql PyPI...
Exploit for CVE-2024-32019
⚠️ CVE-2024-32019 - PoC 📌 Affected Versions - = v1.45.0...
CVE-2024-4888
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-10834
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...
CVE-2024-10834 Arbitrary File Write in eosphoros-ai/db-gpt
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...
SUSE CVE-2009-1272
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction...
CVE-2022-28990
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm...
Ext2Fsd Code Issue Vulnerability
Ext2Fsd is an Ext2 file system driver for Windows by Matt Wu, an individual developer. A security vulnerability exists in Ext2Fsd v0.68, which can be exploited via the Ext2Srv service to execute a carefully crafted file in the service path...
HTTPDebuggerPro 9.11 - Unquoted Service Path
Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 23/11/2021 Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICENAME: HTTPDebuggerPro TYPE : 10...
Unspecified Vulnerability in ASUSWRT
ASUSWRT is a firmware from Asus Taiwan, China that runs in its routers. A security vulnerability exists in ASUSWRT version 3.0.0.4.384.20308. An attacker can exploit this vulnerability to cause a denial of service with the help of /APPInstallation.asp?= URI...
Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path
Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage:...
DamiCMS Arbitrary File Read Vulnerability
DamiCMS is a content management system CMS for building websites quickly. A security vulnerability exists in DamiCMS version 6.0.1. A remote attacker can exploit the vulnerability by sending a specially crafted request admin.php?s=Tpl/Add/id to read arbitrary files...
CVE-2018-18419
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI...
Code injection
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges...
MacOS X 10.x DirectoryService Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7323/info MacOSX DirectoryService has been reported prone to a denial of service vulnerability. It has been reported that a remote attacker may trigger an exception in DirectoryService by repeatedly connecting to specific...
Mac OS X <= 10.2.4 DirectoryService (PATH) Local Root Exploit
No description provided by source. / OS X = 10.2.4 DirectoryService local root PATH exploit DirectoryService must be crashed prior to execution, per @stake advisory. If you discover how to crash DirectoryService e-mail me at [email protected] Neeko Oni -- Assuming DirectoryService has been...