716 matches found
CVE-2023-7311 BYTEVALUE Intelligent Flow Control Router Command Injection
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...
BESTWOND Intelligent Flow Control Router 安全漏洞
BESTWOND Intelligent Flow Control Router is an intelligent flow control router from China's BESTWOND. A security vulnerability exists in the BESTWOND Intelligent Flow Control Router that stems from not properly validating the path parameter and displaying it back to the shell environment, which...
Exploit for CVE-2025-61456
🛡️ CVE Disclosure: CVE-2025-61456 — Reflected XSS in E-commerc...
CVE-2025-9947
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
EUVD-2025-33841
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2025-9947
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2025-9947
CVE-2025-9947 affects the WordPress plugin Custom 404 Pro . All versions up to 3.12.0 are vulnerable to a time-based SQL Injection via the path parameter due to insufficient escaping and query preparation. An authenticated attacker with Administrator+ privileges can append SQL statements to exist...
CVE-2025-9947 Custom 404 Pro <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2025-9947 Custom 404 Pro <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
PT-2025-41682
Name of the Vulnerable Software and Affected Versions Custom 404 Pro plugin for WordPress versions prior to 3.13.0 Description The Custom 404 Pro plugin for WordPress is susceptible to time-based SQL Injection through the path parameter. This is due to inadequate input sanitization and insufficie...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
EUVD-2005-3334
Malware in sbrugna...
EUVD-2007-2253
Malware in sbrugna...
EUVD-2006-3177
Malware in sbrugna...
EUVD-2014-3746
Malware in sbrugna...
EUVD-2021-1957
Malware in sbrugna...
EUVD-2020-15816
Malware in sbrugna...
EUVD-2006-5072
Malware in sbrugna...
EUVD-2009-3299
Malware in sbrugna...
EUVD-2006-7029
Malware in sbrugna...