CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path...

CVE-2025-20313

Cisco IOS XE Software contains multiple vulnerabilities that allow an authenticated local attacker with level-15 privileges or an unauthenticated attacker with physical access to execute persistent code at boot time and break the chain of trust. The issues stem from path traversal and improper im...

Cisco IOS XE Software Secure Boot Bypass Vulnerabilities

Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due...

Cisco IOS XE 安全漏洞

Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper package...

D-Link DCS-825L 安全漏洞

The D-Link DCS-825L is a wireless webcam from China AUO D-Link. A security vulnerability exists in the D-Link DCS-825L version 1.08.01 and earlier, which stems from the mydlink-watch-dog.sh script that does not verify binary integrity, which could lead to persistent arbitrary code execution...

CVE-2011-10011

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remot...

CVE-2025-51541

A stored cross-site scripting XSS vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

CVE-2025-51541

A stored cross-site scripting XSS vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

CVE-2025-20181

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...

Code injection

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...

CVE-2023-29049

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...

CVE-2023-48425

U-Boot vulnerability resulting in persistent Code Execution...

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution...

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution...

Remote code execution

An oversight in BCB handling of reboot reason that allows for persistent code execution...

CVE-2023-6181

CVE-2023-6181 affects Google Chromecast/Chromecast with Google TV via an oversight in the BCB reboot-handling that occurs in U-Boot, enabling persistent code execution. The issue is described across multiple feeds as a reboot-reason handling flaw with the root cause in BCB and potential for persi...

CVE-2023-48425

U-Boot vulnerability resulting in persistent Code Execution...

Google Chromecast Security Breach

Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from a security flaw in BCB that...

PT-2023-30845 · U-Boot · U-Boot

Name of the Vulnerable Software and Affected Versions: U-Boot affected versions not specified Description: The issue is related to a U-Boot vulnerability that results in persistent code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix fo...