222110 matches found
CVE-2018-25148
CVE-2018-25148 affects Microhard Systems IPn4G 1.1.0. The admin interface contains multiple authenticated remote code execution vulnerabilities that allow an authenticated attacker to create crontab jobs and modify system startup scripts. Attackers can execute arbitrary commands with root privile...
PoC-Analyzer
PoC Analyzer Proof-of-Concept Malicious Intent Detector !P...
Microhard Systems IPn4G 安全漏洞
Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0, which stems from multiple authenticated remote code execution vulnerabilities in the management interface that could lead to the creation of...
AVE DOMINAplus 安全漏洞
AVE DOMINAplus is an application from AVE Italy. The best home automation system for next generation houses. A security vulnerability exists in AVE DOMINAplus version 1.10.x, which stems from vulnerability to cross-site request forgery and cross-site scripting attacks that could lead to the...
PT-2025-53368
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...
PT-2025-53320
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious...
TencentOS Server 3: httpd:2.4 (TSSA-2025:0973)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0973 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Strengthening supply chain security: Preparing for the next malware campaign
The open source ecosystem continues to face organized, adaptive supply chain threats that spread through compromised credentials and malicious package lifecycle scripts. The most recent example is the multi-wave Shai-Hulud campaign. While individual incidents differ in their mechanics and speed,...
CVE-2025-14414
Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...
EUVD-2023-60242
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2025-65790
A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline...
PDFsam Enhanced 安全漏洞
PDFsam Enhanced is a PDF editing and management tool from PDFsam, Inc. A security vulnerability exists in PDFsam Enhanced that stems from the implementation of a Launch action that allows the execution of dangerous scripts without user warnings, which could lead to remote code execution...
Pdfforge Pdf Architect 安全漏洞
Pdfforge Pdf Architect is a solution for viewing and editing PDF documents from Pdfforge. A security vulnerability exists in Pdfforge Pdf Architect, which stems from an implementation of the Launch operation that allows dangerous scripts to be executed without user warning, potentially leading to...
Soda PDF Desktop 安全漏洞
Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. A code execution vulnerability exists in Soda PDF Desktop, which stems from the implementation of a Launch action that allows the execution of dangerous...
PDFsam Enhanced 安全漏洞
PDFsam Enhanced is a PDF editing and management tool from PDFsam, Inc. A security vulnerability exists in PDFsam Enhanced that stems from processing DOC files in a way that allows execution of dangerous scripts without user warnings, which could lead to remote code execution...
CVE-2023-53980
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2023-53980
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...
CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...
CVE-2025-65790
A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...