Perry 路径遍历漏洞

Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...

openshift Red Hat OpenShift Container Platform 4 配置错误漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Corporation that helps enterprises develop, deploy, and manage container-based applications across physical, virtual, and public cloud infrastructures. There is a security vulnerability in Red Hat OpenShift Container Platform...

EUVD-2018-21803

iSmartViewPro 1.5 contains a structured exception handling SEH buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to...

CVE-2018-25283 iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter

iSmartViewPro 1.5 contains a structured exception handling SEH buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to...

PT-2026-35253

iSmartViewPro 1.5 contains a structured exception handling SEH buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to...

Smarteye iSmartViewPro 安全漏洞

Smarteye iSmartViewPro is a remote monitoring application for webcams developed by Smarteye Company in China. Version 1.5 of Smarteye iSmartViewPro contains a security vulnerability. This vulnerability stems from an improper handling of structured data in the “Save Path for Snapshot and Record”...

EUVD-2019-20126

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

CVE-2019-25691 Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

PT-2026-32160

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

CVE-2019-25618

AdminExpress 1.2.5 is affected by a local-denial-of-service in the System Compare feature. An attacker can submit oversized input in the Folder Path field, sending a large buffer of characters to trigger the comparison function and cause the application to become unresponsive or crash. This is a ...

Arbitrary Code Execution

ingress-nginx is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization of the rules.http.paths.path Ingress field, where attacker-controlled values can inject arbitrary NGINX configuration, enabling execution of commands in the ingress-nginx controller context...

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx. Tthe rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the rules.http.paths.path field, which allows injection of configuration into the nginx process. An attacker can execute arbitrary code and access sensitive Secrets by crafting malicious input to this field...

EUVD-2022-4829

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-25706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in...

SUSE CVE-2014-0474

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

SUSE CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

SUSE CVE-2021-25745

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

74cms 跨站脚本漏洞

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output from path/job. An attacker could exploit this vulnerabili...