6 matches found
WordPress plugin LinkedIn SC cross-site scripting vulnerability
WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input sanitization and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...
PHPGurukul News Portal security vulnerability
News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...
WOLFBOX Level 2 EV Charger security vulnerability
The WOLFBOX Level 2 EV Charger is an electric vehicle charger from WOLFBOX. A security vulnerability exists in the WOLFBOX Level 2 EV Charger that stems from improper handling of the secKey, localKey, stdTimeZone, and devId parameters, which could lead to a heap buffer overflow and remote code...
PT-2023-11363 · Dro.Pm · Dro.Pm
Name of the Vulnerable Software and Affected Versions: dro.pm (affected versions not specified). Description: A problematic issue was found in dro.pm, affecting an unknown part of the file web/fileman.php. The manipulation of the secret/key argument leads to cross-site scripting. It is possible to...
PT-2022-16054 · Npm · Jsonwebtoken
Name of the Vulnerable Software and Affected Versions: jsonwebtoken versions = 8.5.1. Description: A high-severity security flaw has been discovered in the jsonwebtoken library, leading to remote code execution (RCE) attacks. The issue arises when a malicious actor can modify the key retrieval...
ASUSTOR ADM OS Command Injection Vulnerability (CNVD-2018-26932)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An operating system command injection vulnerability exists in the user.cgi file in ASUSTOR ADM version 3.1.1, which can be exploited to execute system commands with root privileges using the 'secretkey' URL...