36 matches found
Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. id: CVE-2020-7980 info: name: Satellian Intellian Aptus Web...
CVE-2026-9256
A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
Important: freerdp
Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., xfreerdp) by sending an RDPGFX ClearCodec surface command with an out-of-bound...
Arbitrary Argument Injection
mcp-server-git is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the git_diff and git_checkout functions passing user-controlled arguments directly to git CLI commands without sanitization, where flag-like values would be interpreted as command-line options rather than git...
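The mechanism behind this class of bug is that a process-argument list passed to git is still parsed by git's own option parser, so a value such as `--output=/tmp/x` supplied where a revision is expected becomes an option. The block below is an added example, not code from mcp-server-git or from the advisory: it builds the argv the way the unsafe pattern does, builds it the hardened way (reject values that start with `-`, and put the value after git's `--end-of-options` terminator, available since Git 2.24), and models git's option-parsing rule so the difference can be checked without running git. The sample target strings are constructed for the example.

```python
"""Added example (not mcp-server-git's own code): how a flag-like value reaches
git as an option, and two ways to stop it."""
import subprocess
from typing import Dict, List, Optional

# Constructed sample inputs for the demonstration, not taken from the advisory.
BENIGN_TARGET = "feature/login"
FLAG_LIKE_TARGET = "--output=/tmp/injected.diff"

# Tokens after which git stops treating '-'-prefixed arguments as options.
# '--end-of-options' exists in Git 2.24+ for revision-taking commands.
OPTION_TERMINATORS = {"--", "--end-of-options"}


def build_diff_argv_vulnerable(target: str) -> List[str]:
    """The unsafe pattern: the caller's value is appended to the argv unchecked,
    so git's option parser sees '--output=...' as an option, not a revision.
    Using a list instead of a shell string does NOT prevent this."""
    return ["git", "diff", target]


def build_diff_argv_hardened(target: str) -> List[str]:
    """Two defenses: refuse values that start with '-' (a revision or path a
    caller legitimately passes here never needs to), and place the value after
    '--end-of-options' so git's parser cannot read it as an option anyway."""
    if not target or target.startswith("-"):
        raise ValueError(f"refusing flag-like git argument: {target!r}")
    return ["git", "diff", "--end-of-options", target]


def positions_parsed_as_options(argv: List[str]) -> List[int]:
    """Indexes of argv elements git's parser would treat as options: tokens
    starting with '-' that appear before any option terminator. This models
    only the parse rule relevant here; it does not execute git."""
    option_positions = []
    for index, token in enumerate(argv[1:], start=1):  # skip program name
        if token in OPTION_TERMINATORS:
            break
        if token.startswith("-"):
            option_positions.append(index)
    return option_positions


def run_git(argv: List[str], cwd: Optional[str] = None) -> subprocess.CompletedProcess:
    """Run an argv list without a shell. This avoids shell metacharacter
    injection, but argument injection into git itself is only stopped by the
    checks in build_diff_argv_hardened."""
    return subprocess.run(argv, cwd=cwd, capture_output=True, text=True, check=False)


def demo() -> Dict[str, object]:
    """Compare both builders on the constructed inputs."""
    results: Dict[str, object] = {}
    vulnerable = build_diff_argv_vulnerable(FLAG_LIKE_TARGET)
    results["vulnerable_option_positions"] = positions_parsed_as_options(vulnerable)
    try:
        build_diff_argv_hardened(FLAG_LIKE_TARGET)
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True
    hardened = build_diff_argv_hardened(BENIGN_TARGET)
    results["hardened_option_positions"] = positions_parsed_as_options(hardened)
    return results


if __name__ == "__main__":
    print(demo())
```

For a command like `git checkout`, where a leading `--` changes the meaning of the following arguments (it selects files rather than a branch), the allow-list check on the value is the defense to rely on; the terminator is a second layer, not a substitute.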
rustfs security vulnerability
rustfs is a high-performance object storage system from the RustFS open-source project. A security vulnerability exists in rustfs versions 1.0.0-alpha.13 through 1.0.0-alpha.78, which stems from a flaw in the deny-only short-circuit logic that could lead to elevation of privilege and bypassing session...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of the return value of create_in_format_blob, which could result in a null pointer dereference...
CVE-2025-65882
An issue was discovered in openmptcprouter through 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands...
EUVD-2025-201698
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and...
EUVD-2025-79112
Malicious code in harshweaselz3n npm...
python_food security vulnerability
python_food is a takeout ordering website by Tim Green, an individual developer. A security vulnerability exists in python_food version V1.0. An attacker can exploit the vulnerability to gain access to sensitive information...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass. Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected versions: 1.5.179 (Revision 904), 1.5.56 (Revision 884), 1.229 (Revision 440). Summary: The ESE (Elber Satellite Equipment) product line, designed for the high-end radio...
libigl security vulnerability
libigl is a simple C++ geometry processing library open-sourced by libigl. A security vulnerability exists in libigl version v2.5.0, which stems from an out-of-bounds write in the PlyFile ply_cast_ascii function, where a specially crafted .ply file can cause a heap buffer overflow...
CVE-2024-21750
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5...
CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and lacks sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload to them...
SEOPress < 6.5.0.3 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil { public function __wakeup(): void...
GSD-2022-1005828 powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...
GitLab: Dependency Confusion via Lookup Request Forwarding to PyPi.org
Summary: pip is probably the most popular Python package manager and can be used to install packages from the publicly available Python Package Index (PyPI) at pypi.org or from internal package repositories. In the beginning of 2021, a vulnerability type called Dependency Confusion attracted some...
GSD-2022-1004255 f2fs: attach inline_data after setting compression
f2fs: attach inline_data after setting compression. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.8 by commit...
iomni.ai Cross Site Scripting vulnerability OBB-2769016
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-24882
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP server implementations. RDP clients are not affected. Th...