119 matches found
CVE-2025-63296
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...
CampCodes School Fees Payment Management System SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. School Fees Payment Management System is vulnerable to a SQL injection vulnerability that stems from improper handling of unknown parameters in the /ajax.php?action=deletecourse file. No details of the vulnerability are...
CVE-2025-12240
A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed...
EUVD-2020-12774
Malware in sbrugna...
EUVD-2016-6095
Malware in sbrugna...
EUVD-2006-6096
Malware in sbrugna...
Vasion Print Virtual Appliance Host Security Vulnerability
Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 25.1.102, which originates from an unvalidated /var/www/app/consolerelease/lexmark/update.php script that does not properly...
CVE-2025-9657
A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /xprogramcenter/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack may be launched...
CVE-2024-46484
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component...
PT-2025-35124
Name of the Vulnerable Software and Affected Versions Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001...
CVE-2025-9153
A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit ...
Ilevia EVE X1 Server 4.7.18.0.eden Command Injection
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the passwd HTTP POST parameter in the /ajax/php/login.php script. !/usr/bin/env python Ilevia EVE ...
PowerStick Wave Dual-Band Wifi Extender Security Vulnerability
PowerStick Wave Dual-Band Wifi Extender is a portable WiFi extender from PowerStick USA. A security vulnerability exists in version V1.0 of the PowerStick Wave Dual-Band Wifi Extender that originates from insufficient sanitization of user input in the file /cgi-bin/cgivista.cgi, which could lead to remot...
tarteaucitron.js Security Vulnerability
tarteaucitron.js is a cookie manager by individual developer Amauri CHAMPEAUX. A security vulnerability exists in tarteaucitron.js versions prior to 1.22.0, which stems from a failure to validate that document.currentScript references an actual script element, which could result in a script pa...
TOTOLINK T10 Security Vulnerability
The TOTOLINK T10 is a dual-band mesh networking router from TOTOLINK for full coverage needs of home and office networks. A buffer overflow vulnerability exists in TOTOLINK T10. The vulnerability stems from incorrect manipulation of the parameter desc in the file /cgi-bin/cstecgi.cgi. An attacker...
CVE-2022-42143
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /saccoshield/managepayment.php...
CVE-2025-3249
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apclicancelwps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...
PT-2024-16398 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions 2017 up to 11.10 Description: A critical issue has been found in Tongda OA, affecting an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the where repeat argument lea...
UBUNTU-CVE-2023-46586
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 before 1.0 lacks '\0' termination of the path for CGI scripts because strncpy is misused...
PT-2024-6467 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 20230719 Description: A critical issue has been found in the TOTOLINK X6000R, affecting the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to...