
43 matches found

Nuclei
added 19 hours ago | 105 views

Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. id: CVE-2020-7980 info: name: Satellian Intellian Aptus Web...

CVSS 10 | AI score 7.7 | EPSS 0.82956
Exploits 7 | References 5
Positive Technologies
added 2026/06/10 12:0 a.m. | 19 views

PT-2026-48437

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

CVSS 9.9 | AI score 6.5 | EPSS 0.00439
Exploits 0 | References 2
RedhatCVE
added 2026/05/25 6:4 p.m. | 14 views

CVE-2026-9256

A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an...

CVSS 9.2 | AI score 6.3 | EPSS 0.02596
Exploits 3 | References 4
Amazon
added 2026/03/27 12:0 a.m. | 4 views

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., xfreerdp) by sending an RDPGFX ClearCodec surface command with an out-of-bound...

CVSS 8.8 | AI score 6 | EPSS 0.00383
Exploits 2
Veracode
added 2026/03/04 9:3 a.m. | 5 views

Arbitrary Argument Injection

mcp-server-git is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the git_diff and git_checkout functions passing user-controlled arguments directly to git CLI commands without sanitization, where flag-like values would be interpreted as command-line options rather than git...

CVSS 7.1 | AI score 6 | EPSS 0.0728
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2026/01/08 12:0 a.m. | 4 views

rustfs security vulnerability

rustfs is a high-performance object storage system from the RustFS open source. A security vulnerability exists in rustfs versions 1.0.0-alpha.13 through 1.0.0-alpha.78, which stems from a flaw in the denyonly short-circuit logic that could lead to elevation of privilege and bypassing session...

CVSS 9.8 | AI score 6.7 | EPSS 0.00378
Exploits 1 | References 2
CNNVD
added 2025/12/16 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of the return value of create_in_format_blob, which could result in a null pointer dereference...

AI score 6.2 | EPSS 0.00155
Exploits 0 | References 2
Vulnrichment
added 2025/12/09 12:0 a.m. | 4 views

CVE-2025-65882

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function createxoripadopad allowing attackers to potentially write arbitrary files or execute arbitrary commands...

AI score 7.2 | EPSS 0.00593
Exploits 1 | References 3
EUVD
added 2025/12/08 9:32 a.m. | 4 views

EUVD-2025-201698

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

CVSS 7.5 | AI score 6.8 | EPSS 0.00326
Exploits 1 | References 6
EUVD
added 2025/11/11 7:31 a.m. | 3 views

EUVD-2025-79112

Malicious code in harshweaselz3n npm...

AI score 6.6
Exploits 0
BDU FSTEC
added 2025/05/25 12:0 a.m. | 5 views

The vulnerability of the web_tacplus_serverEdit_post() function in the microprogramming software for PLANET Technology allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the web_tacplus_serverEdit_post() function in the microprogramming software for PLANET Technology relates to the issue of the operation exceeding the buffer boundaries in memory when processing the tacIp parameter. Exploiting this vulnerability could allow an attacker to compromis...

CVSS 10 | AI score 5.7 | EPSS 0.00453
Exploits 1 | References 2 | Affected Software 1
BDU FSTEC
added 2025/04/01 12:0 a.m. | 3 views

Vulnerability of the nouveau_fence_context_kill() function in the drivers/gpu/drm/nouveau/nouveau_fence.c module – This driver is part of the NVIDIA Linux kernel’s Direct Rendering Infrastructure (DRI) support. It allows a hacker to trigger a service failure.

Vulnerability of the nouveau_fence_context_kill() function in the drivers/gpu/drm/nouveau/nouveau_fence.c module – The drivers for NVIDIA’s Direct Rendering Infrastructure (DRI) in Linux kernel-based graphics cards are vulnerable to synchronization errors when using shared resources. Exploiting this...

CVSS 5.5 | AI score 6.4 | EPSS 0.00172
Exploits 0 | References 18 | Affected Software 4
BDU FSTEC
added 2024/12/03 12:0 a.m. | 4 views

The vulnerability of the validate_bksv() function in the amdgpu driver of the Linux operating system allows an attacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the validate_bksv() function in the drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c file of the amdgpu kernel in the Linux operating system is related to reading memory beyond the allocated buffer. Exploiting this vulnerability could allow a remote attacker to compromi...

CVSS 10 | AI score 6.4 | EPSS 0.00987
Exploits 0 | References 12 | Affected Software 2
CNNVD
added 2024/11/15 12:0 a.m. | 4 views

python_food security vulnerability

python_food is a takeout ordering website by Tim Green, a personal developer. A security vulnerability exists in python_food version V1.0. An attacker can exploit the vulnerability to gain access to sensitive information...

CVSS 7.5 | AI score 6.8 | EPSS 0.00468
Exploits 0 | References 2
BDU FSTEC
added 2024/11/14 12:0 a.m. | 4 views

The vulnerability of the br_multicast_del_port() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the br_multicast_del_port() function in the net/bridge/br_multicast.c module of the Linux operating system is related to the reutilization of previously freed memory due to concurrent access to resources (race condition). Exploiting this vulnerability could allow an attacker to...

CVSS 7.8 | AI score 6.9 | EPSS 0.00217
Exploits 0 | References 20 | Affected Software 6
Exploit DB
added 2024/08/24 12:0 a.m. | 182 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio...

AI score 7.4
Exploits 0
BDU FSTEC
added 2024/06/17 12:0 a.m. | 3 views

The vulnerability of the nft_expr_type_get() function in the netfilter component of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the nft_expr_type_get() function in the net/netfilter/nf_tables_api.c module of the Linux kernel’s netfilter component is related to concurrent access to resources (race conditions). Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, an...

CVSS 7 | AI score 6.7 | EPSS 0.00215
Exploits 0 | References 27 | Affected Software 5
CNNVD
added 2024/05/28 12:0 a.m. | 4 views

libigl security vulnerability

libigl is a simple C++ geometry processing library open-sourced by libigl. A security vulnerability exists in libigl version v2.5.0, which stems from an out-of-bounds write vulnerability in the PlyFile plycastascii function, where a specially crafted .ply file can cause a heap buffer overflow...

CVSS 8.1 | AI score 7.1 | EPSS 0.0065
Exploits 1 | References 2
NVD
added 2024/02/01 10:15 a.m. | 13 views

CVE-2024-21750

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5...

CVSS 7.1 | AI score 6.9 | EPSS 0.00393
Exploits 0 | References 1
Vulnrichment
added 2024/01/16 3:52 p.m. | 24 views

CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF

The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...

AI score 6.2 | EPSS 0.00266
Exploits 2 | References 1