25 matches found
CVE-2026-42298
CVE-2026-42298 affects Postiz (AI social media scheduling tool). The issue arises in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml), where an unauthenticated user can cause arbitrary code execution during Docker image build by submitting a fork with a malic...
CVE-2023-23080
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10=V202209060242025 and Tenda IT7-PCS Tenda IT7-PCS=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS=V2209020908...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
CVE-2023-22515 CVE-2023-22515, a critical vulnerability affect...
Command injection
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10=V202209060242025 and Tenda IT7-PCS Tenda IT7-PCS=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS=V2209020908...
PT-2023-7591 · Tenda · Tenda It7-Pcs +3
Name of the Vulnerable Software and Affected Versions: Tenda CP7 versions V11.10.00.2211041403 and earlier Tenda CP3 v.10 versions V20220906024 2025 and earlier Tenda IT7-PCS versions V2209020914 and earlier Tenda IT7-LCS versions V2209020914 and earlier Tenda IT7-PRS versions V2209020908 and...
Multiple Tenda Products Command Injection Vulnerability
Tenda CP7 and the other affected products are smart cameras from Tenda (China). Certain Tenda products have a security vulnerability that stems from their susceptibility to command injection attacks. The following products and versions are affected: Tenda CP7 V11.10.00.2211041403 and prior versions, Tenda CP...
Mitigation of M-02: Issue not mitigated
Vulnerability details: The sponsor appears to confirm Medium severity, but did not provide any PRs addressing it, so the same issue remains in the new code.
Mitigation of M-07: Issue not mitigated
Vulnerability details: The sponsor confirmed but disputed Medium severity, and did not provide any PRs addressing it, so the same issue remains in the new code.
Mitigation of H-05: Issue not mitigated
Vulnerability details: The sponsor confirmed the issue, but did not provide any PRs addressing it, so the same issue remains in the new code.
Command injection
A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It...
prs-familytrust.de Cross Site Scripting vulnerability OBB-2720225
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-29220 No verification of commits origin in github-action-merge-dependabot
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set t...
Fhex - A Full-Featured HexEditor
This project is born with the aim to develop a lightweight, but useful tool. The reason is that the existing hex editors have some different limitations, e.g. too many dependencies, missing hex coloring features, etc. This project is based on qhexedit2, capstone and keystone engines. New feature...
Metasploit Wrap-Up
Anyone enjoy making chains? The community is hard at work building chains to pull sessions out of vulnerable Exchange servers. This week Rapid7's own wvu & Spencer McIntyre added a module that implements the ProxyShell exploit chain originally demonstrated by Orange Tsai. The module also benefite...
Exploit for Code Injection in Nette Application
CVE-2020-15227. DISCLAIMER! I take no responsibil...
Denial of Service Vulnerability in Changyuan Shenrui PRS-7910 Data Gateway Machine
Changyuan Shenrui PRS-7910 Data Gateway is an Ethernet-based data gateway introduced by Changyuan Shenrui Relay Automation Co. A denial of service vulnerability exists in the SUNRISE PRS-7910 Data Gateway. An attacker can exploit the vulnerability to cause the Data Gateway to fail to provide...
Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets
Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...