CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
CVE-2025-10324
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...
CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
PT-2025-37344
Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in the Wavlink WL-WN578W2 router. Manipulation of the arguments pingFrmWANFilterEnabled, blockSynFloodEnabled, blockPortScanEnabled, or remoteManagementEnabled within the...
CVE-2025-10118
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
GHSA-88G3-PV3W-5WMR Liferay Portal is vulnerable to XSS attacks via its remote app title field
A stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remot...
CVE-2025-6067 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption and data-linktext parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This make...
CVE-2025-58793 WordPress WPB Elementor Addons plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Elementor Addons (wpb-elementor-addons) allows Stored XSS. This issue affects WPB Elementor Addons: from n/a through <= 1.7...
Linux Distros Unpatched Vulnerability : CVE-2024-50636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyMOL 2.5.0 contains a vulnerability in its Run Script function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can...
CVE-2025-9662
A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly...
CVE-2025-46962
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
PT-2025-33820 · Wavlink · Wavlink Wl-Nu516U1
Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 M16U1 V240425 Description: A vulnerability exists due to command injection. The issue is located in the /cgi-bin/wireless.cgi file and impacts the sub_4032E4 function. Manipulation of the Guest_ssid argument can lead to...
CVE-2025-54117 NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...
CVE-2011-10011
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remot...
CVE-2025-8970
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclose...
curl: Unsafe Global IFS Modification in OS400 Shell Script Enables Command Injection and Parsing Flaws (CWE-78/CWE-20)
In the curl source repository, the OS400 initialization script packages/OS400/make-incs.sh modifies the global shell variable IFS (Internal Field Separator) without local scoping or restoration. This pattern exposes users and CI/CD systems to unintended parsing, command injection, and logic errors ...
CVE-2012-10044
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...
The vulnerability in the control.php script of the WeGIA web manager allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the control.php script of the WeGIA web manager is related to the failure to protect the structure of the web page when processing the descricaoemergencia parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
CVE-2025-46117
CVE-2025-46117 affects CommScope Ruckus Unleashed (versions prior to 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (prior to 10.5.1.0.279). The root cause is improper sanitization of inputs to a hidden debug script (.ap_debug.sh) invoked from the restricted CLI, allowing an authenti...
The vulnerability of Lua script interpreters arises from the possibility of an operation exceeding the buffer boundaries in memory, allowing attackers to trigger a service failure.
The vulnerability of Lua scripts relates to the execution of an operation outside the buffer boundaries in the memory of ldebug.c. Exploiting this vulnerability can allow an attacker to cause a service failure...