Lucene search

29 matches found

CNNVD
added 2026/04/28 12:0 a.m. · 4 views

OpenCats Code Injection Vulnerability

OpenCats is an open-source recruitment process management system developed by OpenCats. OpenCats has a code injection vulnerability, which stems from PHP code injection in the AJAX endpoints of the installation wizard. This vulnerability allows unauthenticated attackers to execute arbitrary code ...

9.2 CVSS · 6.2 AI score · 0.00136 EPSS
Exploits 0 · References 1
CNNVD
added 2026/04/28 12:0 a.m. · 4 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a permission bypass execution vulnerability, which allowed persistent execution of “always-always”...

7.3 CVSS · 6 AI score · 0.00026 EPSS
Exploits 0 · References 1
NVD
added 2025/10/24 11:15 p.m. · 2 views

CVE-2025-34502

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

7 CVSS · 0.00032 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2016-4215

Malware in sbrugna...

5.4 CVSS · 5.5 AI score · 0.00239 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-28849

Malicious code in bioql PyPI...

7.8 CVSS · 7.7 AI score · 0.00078 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/08/27 12:0 a.m. · 2 views

PT-2025-34935 · D Link · Dcs-825L

Name of the Vulnerable Software and Affected Versions: D-Link DCS-825L firmware versions prior to 1.09.02 Description: The D-Link DCS-825L firmware contains a flaw in the watchdog script mydlink-watch-dog.sh. This script blindly respawns binaries, including dcp and signalc, without verifying thei...

6.6 CVSS · 7 AI score · 0.00019 EPSS
Exploits 1 · References 9
Positive Technologies
added 2025/08/13 12:0 a.m. · 3 views

PT-2025-33080 · Webid · Webid

Name of the Vulnerable Software and Affected Versions: WeBid version 1.0.2 Description: WeBid version 1.0.2 contains a remote code injection issue in the convert.php script. Unsanitized input from the to parameter in a POST request is directly written to the includes/currencies.php file. This...

10 CVSS · 7.6 AI score · 0.57505 EPSS
Exploits 0 · References 9
OSV
added 2025/08/05 8:15 p.m. · 4 views

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

6.1 CVSS · 6.5 AI score · 0.00331 EPSS
Exploits 1 · References 2
Cvelist
added 2025/08/05 12:0 a.m. · 9 views

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

0.00331 EPSS
Exploits 1 · References 2
Cvelist
added 2024/08/09 12:0 a.m. · 16 views

CVE-2023-50810

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...

0.00023 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/12/11 5:15 a.m. · 8 views

CVE-2023-48425

U-Boot vulnerability resulting in persistent Code Execution...

7 AI score · 0.00118 EPSS
Exploits 0 · References 1
Github Security Blog
added 2022/05/14 3:49 a.m. · 9 views

Shopware XSS Vulnerability

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

6.1 CVSS · 7 AI score · 0.03459 EPSS
Exploits 7 · References 4 · Affected Software 1
UbuntuCve
added 2022/05/11 3:15 p.m. · 30 views

CVE-2022-1433

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...

6.1 CVSS · 6.7 AI score · 0.00136 EPSS
Exploits 3 · References 4
Debian CVE
added 2022/05/11 2:27 p.m. · 42 views

CVE-2022-1433

Removed by vendor...

6.1 CVSS · 6.9 AI score · 0.00136 EPSS
Exploits 3
CNNVD
added 2022/03/23 12:0 a.m. · 1 views

Nxp Semiconductors Nxp Lpc55S69 Security Vulnerability

The Nxp Semiconductors Nxp Lpc55S69 is a development board from Nxp Semiconductors, Netherlands. It is used to add off-the-shelf add-on boards for networking, sensors, displays and other interfaces. A security vulnerability exists in the Nxp Semiconductors Nxp Lpc55S69, which originates from a...

7.8 CVSS · 8.2 AI score · 0.00816 EPSS
Exploits 1 · References 3
Kitploit
added 2021/06/05 9:30 p.m. · 74 views

Shepard - In Progress Persistent Download/Upload/Execution Tool Using Windows BITS

This is an IN PROGRESS persistence tool using Windows Background Intelligent Transfer Service (BITS). Functionality: File Download, File Exfiltration, File Download + Persistent Execution Usage: run shepard.exe as Administrator with the following command line arguments -d remoteLocation, writePath:...

7.3 AI score
Exploits 0 · References 1
Exploit DB
added 2018/01/21 12:0 a.m. · 53 views

Shopware 5.2.5/5.3 - Cross-Site Scripting

Document Title: =============== Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1922 Shopware Security Tracking ID: SW-19834 Security Update:...

6.1 CVSS · 6.5 AI score · 0.03459 EPSS
Exploits 7
Packet Storm
added 2018/01/20 12:0 a.m. · 60 views

Shopware 5.2.5 / 5.3 Cross Site Scripting

Document Title: =============== Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1922 Shopware Security Tracking ID: SW-19834 Security Update:...

4.3 CVSS · 6.4 AI score · 0.03459 EPSS
Exploits 7
NVD
added 2017/10/16 4:29 a.m. · 8 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

6.1 CVSS · 6.4 AI score · 0.03459 EPSS
Exploits 7 · References 2
Prion
added 2017/10/16 4:29 a.m. · 7 views

Cross site scripting

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

4.3 CVSS · 6.2 AI score · 0.03459 EPSS
Exploits 7 · References 2 · Affected Software 1