Lucene search

40 matches found

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-12096

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.01146
Exploits: 1, References: 3

CNNVD
added 2025/06/24 12:00 a.m., 5 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An open redirect vulnerability exists in Mozilla Firefox for Android, which can be exploited by an attacker to conduct a phishing attack by opening a link to the URL specified in the query string...

CVSS 4.3, AI score 6.5, EPSS 0.00189
Exploits: 1, References: 3

Veracode
added 2024/05/20 9:43 a.m., 9 views

Open Redirect

drupal/drupal is vulnerable to Open Redirect. The vulnerability is due to the insecure handling of the "destination" query string parameter in Drupal core and contributed modules. This allows malicious users to craft URLs that redirect unsuspecting users to third-party websites...

AI score 7
Exploits: 0

Prion
added 2023/12/25 9:15 a.m., 16 views

Null pointer dereference

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

CVSS 5, AI score 7.1, EPSS 0.01103
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2023/12/25 9:15 a.m., 28 views

CVE-2023-38321

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

CVSS 7.5, AI score 7.1, EPSS 0.01103
Exploits: 0, References: 4

CNNVD
added 2023/12/04 12:00 a.m., 5 views

Vite Cross-Site Scripting Vulnerability

Vite is a new front-end builder tool open-sourced by Vite. Vite suffers from a cross-site scripting vulnerability that stems from the ability to inject arbitrary HTML into the output by providing a malicious URL query string...

CVSS 6.1, AI score 6.1, EPSS 0.00997
Exploits: 1, References: 3

CNVD
added 2023/01/30 12:00 a.m., 3 views

TOTOLINK A830R QUERY_STRING Command Injection Vulnerability

The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 1200Mbps, making it suitable for home network coverage needs. The TOTOLINK A830R suffers from a command injection vulnerability that stems from its QUERY_STRING...

CVSS 7.5, AI score 7.7, EPSS 0.01358
Exploits: 1, References: 1

OSV
added 2023/01/27 3:15 p.m., 5 views

CVE-2022-48069

Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter...

CVSS 7.5, AI score 5.8, EPSS 0.01358
Exploits: 1, References: 1

CNNVD
added 2023/01/27 12:00 a.m., 4 views

TOTOLINK A830R Operating System Command Injection Vulnerability

The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 1200Mbps, making it suitable for home network coverage needs. The TOTOLINK A830R suffers from a command injection vulnerability that stems from its QUERY_STRING...

CVSS 7.5, AI score 7.5, EPSS 0.01358
Exploits: 1, References: 3

Veracode
added 2022/11/23 10:37 a.m., 21 views

Cross-Site Scripting (XSS)

silverstripe/admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in vendor.js due to an outdated jQuery, which allows an attacker to inject and execute arbitrary JavaScript using a specially crafted proto query string parameter...

CVSS 5.4, AI score 5.5, EPSS 0.00529
Exploits: 0, References: 7, Affected Software: 1

BDU FSTEC
added 2022/08/01 12:00 a.m., 7 views

A vulnerability in the “Main” function of the TOTOLink A3600R router firmware allows an intruder to execute arbitrary commands.

The vulnerability in the “Main” function of the TOTOLink A3600R router firmware lies in the lack of input sanitization. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the QUERY_STRING parameter...

CVSS 10, AI score 8.1, EPSS 0.0322
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2022/07/29 12:00 a.m., 6 views

A vulnerability in the “Main” function of the TOTOLink A810R router firmware allows an intruder to execute arbitrary commands.

The vulnerability in the “Main” function of the TOTOLink A810R router firmware is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERY_STRING parameter...

CVSS 10, AI score 8.2, EPSS 0.0322
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2022/07/29 12:00 a.m., 5 views

A vulnerability in the “Main” function of the TOTOLink A800R router firmware allows an intruder to execute arbitrary commands.

The vulnerability in the “Main” function of the TOTOLink A800R router firmware is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERY_STRING parameter...

CVSS 10, AI score 8.2, EPSS 0.0322
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2022/07/12 3:15 p.m., 18 views

Cross site scripting

Versions of the package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template functio...

CVSS 4.3, AI score 5.9, EPSS 0.00772
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2022/07/06 12:00 a.m., 5 views

A vulnerability in the __ajax_explorer.sgi file of the D-Link DIR-645 router firmware allows a hacker to execute arbitrary commands.

The vulnerability in the __ajax_explorer.sgi file of the D-Link DIR-645 router firmware is related to the failure to neutralize special elements when the operating system processes the QUERY_STRING parameter. Exploiting this vulnerability can allow an attacker to execute...

CVSS 10, AI score 7.5, EPSS 0.05585
Exploits: 1, References: 4, Affected Software: 1

ATTACKERKB
added 2022/06/27 10:15 p.m., 1 view

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi...

CVSS 9.8, AI score 5.5, EPSS 0.05585
Exploits: 1, References: 3

OSV
added 2022/06/27 10:15 p.m., 4 views

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi...

CVSS 9.8, AI score 6.9, EPSS 0.05585
Exploits: 1, References: 2

VulnCheck KEV
added 2022/04/01 12:00 a.m., 3 views

VulnCheck KEV: CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

CVSS 9.8, AI score 7.5, EPSS 0.32552
Exploits: 1, References: 1

VulnCheck KEV
added 2022/04/01 12:00 a.m., 11 views

VulnCheck KEV: CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

CVSS 9.8, AI score 7.5, EPSS 0.0322
Exploits: 1, References: 1

VulnCheck KEV
added 2022/04/01 12:00 a.m., 4 views

VulnCheck KEV: CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

CVSS 9.8, AI score 7.5, EPSS 0.0322
Exploits: 1, References: 1