
22 matches found

NVD
added 2026/06/10 3:16 p.m., 11 views

CVE-2026-45564

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.system(f"dos2unix -q {cfg}"). configver is not run...

CVSS 8.8, EPSS 0.00304
Exploits: 0, References: 1

CVE
added 2026/06/10 2:4 p.m., 13 views

CVE-2026-45564

CVE-2026-45564 affects Roxy-WI web interface for managing HAProxy/Nginx/Apache/Keepalived. In versions up to and including 8.2.6.4, POST /config/versions////save interpolates the URL-path parameter directly into a config-version path that resolves to a shell command: os.system("dos2unix -q {cfg}...

CVSS 8.8, AI score 5.5, EPSS 0.00304
Exploits: 0, References: 1

Circl
added 2026/05/21 4:28 p.m., 6 views

CVE-2026-43496

creationtimestamp | type | source
---|---|---
2026-05-21 16:28:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmetnfmrzt2k...

CVSS 5.5, AI score 5.8, EPSS 0.00118
Exploits: 0, References: 1

RedhatCVE
added 2025/12/12 1:6 a.m., 7 views

CVE-2025-56077

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVSS 8.8, AI score 7.9, EPSS 0.02482
Exploits: 1, References: 1

Vulnrichment
added 2025/11/18 11:24 a.m., 2 views

CVE-2025-41348 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update and delete databases by sending a POST request using the parameters 'val1' and 'cont' in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...

CVSS 8.7, AI score 7.7, EPSS 0.00456
Exploits: 0, References: 1

Vulnrichment
added 2025/10/28 2:36 p.m., 4 views

CVE-2025-34306 IPFire < v2.29 Stored XSS via Default IP Search Value

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

CVSS 5.1, AI score 5.6, EPSS 0.00453
Exploits: 0, References: 3

Positive Technologies
added 2025/09/21 12:0 a.m., 5 views

PT-2025-38647

Name of the Vulnerable Software and Affected Versions: htmly versions up to 3.1.0

Description: A security issue has been identified in htmly. Manipulation of the label argument in an unknown function within the file /htmly/admin/field/post of the Custom Field Handler component can lead to cross-sit...

CVSS 4.8, AI score 2.9, EPSS 0.0028
Exploits: 1, References: 7

Circl
added 2025/09/17 9:35 a.m., 22 views

CVE-2025-9216

creationtimestamp | type | source
---|---|---
2025-09-17 09:35:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyzjtze6bz2c...

CVSS 8.8, AI score 5.8, EPSS 0.00819
Exploits: 1, References: 1

Circl
added 2025/08/21 8:33 p.m., 15 views

CVE-2025-6465

creationtimestamp | type | source
---|---|---
2025-08-21 20:33:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lwwrzswtgs2a...

CVSS 4.3, AI score 4.8, EPSS 0.00698
Exploits: 0, References: 1

Circl
added 2025/08/16 2:38 a.m., 11 views

CVE-2025-8882

creationtimestamp | type | source
---|---|---
2025-08-16 02:38:04+00:00 | seen | https://bsky.app/profile/secqube.com/post/3lwidmomzge2f...

CVSS 8.8, AI score 7.3, EPSS 0.00246
Exploits: 0, References: 1

Circl
added 2025/08/14 7:54 p.m., 18 views

CVE-2025-51986

creationtimestamp | type | source
---|---|---
2025-08-14 19:54:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lwf4mrhfye2t...

CVSS 7.5, AI score 7.3, EPSS 0.00312
Exploits: 0, References: 1

Circl
added 2025/08/14 10:6 a.m., 6 views

CVE-2025-55163

creationtimestamp | type | source
---|---|---
2025-08-14 10:06:59+00:00 | seen | https://bsky.app/profile/bricedutheil.bsky.social/post/3lwe3rkm22s2a
2025-08-18 08:41:02+00:00 | seen | https://poliverso.org/objects/0477a01e-6be44872-756a670ea049def1
2025-08-19 05:22:52+00:00 | seen | ...

CVSS 8.2, AI score 6.3, EPSS 0.00979
Exploits: 1, References: 10

Circl
added 2025/08/12 8:4 a.m., 19 views

CVE-2025-6253

creationtimestamp | type | source
---|---|---
2025-08-12 08:04:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lw6tz6ymgx2c...

CVSS 7.5, AI score 4.8, EPSS 0.00365
Exploits: 0, References: 1

Circl
added 2025/08/08 11:46 p.m., 11 views

CVE-2025-8742

creationtimestamp | type | source
---|---|---
2025-08-08 23:46:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvwgqltzd62s...

CVSS 6.3, AI score 7.3, EPSS 0.00581
Exploits: 1, References: 1

CNNVD
added 2025/06/26 12:0 a.m., 3 views

litemall security vulnerability

litemall is a small shopping mall system for linlinjava individual developers. A security vulnerability exists in litemall version 1.8.0, which stems from improper authorization due to misuse of the parameter adminComment in the file /wx/comment/post...

CVSS 5.3, AI score 4.9, EPSS 0.0032
Exploits: 1, References: 4

CNNVD
added 2025/04/27 12:0 a.m., 2 views

paicoding security vulnerability

paicoding is an open source community system for itwanger individual developers. A security vulnerability exists in paicoding version 1.0.3, which stems from improper authorization due to misuse of the parameter articleId in the file /article/api/post...

CVSS 5.5, AI score 5.4, EPSS 0.00385
Exploits: 1, References: 5

CNNVD
added 2023/01/07 12:0 a.m., 2 views

sternenblog security vulnerability

sternenblog is file-based CGI blogging software. A security vulnerability exists in sternenblog, which stems from an incorrect manipulation of the parameter postpath that can lead to file inclusion...

CVSS 9.8, AI score 6.3, EPSS 0.00822
Exploits: 0, References: 5

CNNVD
added 2022/12/13 12:0 a.m., 4 views

ARRIS NVG443B cross-site scripting vulnerability

The ARRIS NVG443B is a full-featured, high-performance gateway from ARRIS America. A security vulnerability exists in the ARRIS NVG443B version 9.3.0h3d36, which stems from the presence of cross-site scripting (XSS) that allows an attacker to execute arbitrary web script or HTML via a specially...

CVSS 6.1, AI score 6.3, EPSS 0.00526
Exploits: 1, References: 3

OSV
added 2022/02/01 7:15 p.m., 4 views

CVE-2022-24220

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/editpost.php...

CVSS 9.8, AI score 7.3, EPSS 0.01096
Exploits: 1, References: 1

CNNVD
added 2021/07/23 12:0 a.m., 1 views

Victor CMS code issue vulnerability

Victor CMS is an open source content management system from the developers of Victor Alagwu Software in Nigeria. Version 1.0 of Victor CMS is vulnerable to arbitrary file uploads. An attacker can execute arbitrary code by uploading files to CMS site-masteradminincludesadminaddpost.php...

CVSS 9.8, AI score 6, EPSS 0.01874
Exploits: 1, References: 2