26 matches found
CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
EUVD-2026-8744
A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit is publicly available and might...
CVE-2026-3200
CVE-2026-3200 affects the z-9527 admin 1.0/2.0 product. The vulnerability is in the server-side code, specifically the functions checkName, register, login, getUser, and getUsers in /server/controller/user.js, where improper handling leads to SQL injection. The issue can be triggered remotely and...
CVE-2025-15171
A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross-site scripting. Remote exploitation of the attack is possible. The exploit is publicly...
CacheCloud Code Injection Vulnerability
CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect manipulation of the function index in the file src/main/java/com/sohu/cache/web/controller/ServerController.java,...
Command Injection
Overview: @samanhappy/mcphub is a hub server for MCP servers. Affected versions of this package are vulnerable to Command Injection via the serverController.ts process. A user can execute arbitrary operating system commands by supplying crafted input to the command or args parameters. Remediatio...
Server-side Request Forgery (SSRF)
Overview: @samanhappy/mcphub is a hub server for MCP servers. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the baseUrl argument in the serverController.ts. An attacker can make the server initiate arbitrary requests to internal or external systems by...
CVE-2025-11286
CVE-2025-11286 affects samanhappy MCPHub up to version 0.9.10. The flaw is in src/controllers/serverController.ts of the MCPRouter Service, where manipulation of the baseUrl argument enables server-side request forgery (SSRF). Exploitation can be remote; the exploit has been publicly disclosed. T...
MCPHub's ServerController is vulnerable to Command Injection
A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in OS command injection. The attack can be launched remotely. The exploit has be...
GHSA-5Q2P-3JG8-2M98 MCPHub's ServerController is vulnerable to Command Injection
A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in OS command injection. The attack can be launched remotely. The exploit has be...
EUVD-2025-32449
A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in OS command injection. The attack can be launched remotely. The exploit has be...
CVE-2025-11285
A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in OS command injection. The attack can be launched remotely. The exploit has be...
CVE-2025-11285 samanhappy MCPHub serverController.ts OS command injection
A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in OS command injection. The attack can be launched remotely. The exploit has be...
MCPHub Security Vulnerability
MCPHub is an MCP server management tool by the individual developer samanhappy. A security vulnerability exists in MCPHub version 0.9.10 and earlier, which stems from the incorrect manipulation of the parameter command/args in the file src/controllers/serverController.ts, which could lead to an OS...
EUVD-2025-23918
Malicious code in bioql PyPI...
CVE-2025-55135
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...
GHSA-MVWQ-HCRJ-F5X9 Apereo CAS has inefficient regular expression complexity
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...