70 matches found
CVE-2025-64048
YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...
CVE-2025-63645
A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...
CVE-2025-23357
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...
PT-2025-46373
Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework contains a flaw in a script that could allow an attacker to manipulate code generation with malicious input. Exploitation of this issue may result in...
CVE-2025-31994
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject malicious script into an HTTP request, which is reflected in the server’s immediate response and executed in the victim’s browser. The vulnerability is documented across multiple sources (incl...
CVE-2025-11450
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...
EUVD-2021-14014
Malware in sbrugna...
EUVD-2013-7250
Malware in sbrugna...
EUVD-2017-15563
Malware in sbrugna...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: socat (UTSA-2025-986111)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986111 advisory. readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. Tenable has extracted the preceding description block directly from the Unity Linux securit...
CVE-2025-10775
A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been...
Accela Automation Platform 安全漏洞
Accela Automation Platform is an automation platform from Accela Canada. A security vulnerability exists in Accela Automation Platform version 22.2.3.0.230103, which stems from multiple issues with the Test Script functionality, including the ability to execute arbitrary Java code, improper...
CVE-2025-10426 itsourcecode Online Laundry Management System login.php sql injection
A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been releas...
CVE-2025-10324 Wavlink WL-WN578W2 firewall.cgi sub_401C5C command injection
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...
CVE-2025-10081 SourceCodester Pet Management System profile.php unrestricted upload
A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument websiteimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be...
CVE-2025-55581
D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...
The vulnerability in the pppoe.cgi script of Netgear DGN2200B router software allows a hacker to execute arbitrary commands.
The vulnerability of the pppoe.cgi script of the Netgear DGN2200B router operating system is related to the failure to take measures to neutralize special elements used in the operating system when processing the pppoeusername parameter. Exploiting this vulnerability allows a remote attacker to...
Code-Projects Daily Expense Manager SQL注入漏洞
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...
CVE-2025-25221
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...