
71 matches found

CNNVD
added 2026/05/19 12:0 a.m. | 4 views

AutoGPT Code Issue Vulnerability

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. There were code vulnerabilities in versions 0.1.0 to 0.6.51 of AutoGPT. These vulnerabilities stemmed from the SendEmailBlock function, which accepted parameters for the smtpserver and...

CVSS 5 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 1

Snyk
added 2026/03/31 4:51 p.m. | 3 views

Permissive Cross-domain Policy with Untrusted Domains

Overview: Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CLI MCP server. An attacker can gain unauthorized access to privileged tools by issuing cross-origin requests from a malicious website on the same machine, leveraging the...

CVSS 7.7 | AI score 5.9 | EPSS 0.00132
Exploits 1 | References 2

OSV
added 2026/02/08 1:16 a.m. | 0 views

CVE-2026-2120

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

CVSS 7.2 | AI score 5.6 | EPSS 0.00653
Exploits 1 | References 5

EUVD
added 2026/02/08 12:32 a.m. | 1 view

EUVD-2026-5826

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

CVSS 8.6 | AI score 6.8 | EPSS 0.00653
Exploits 1 | References 5

CNNVD
added 2026/02/08 12:0 a.m. | 2 views

D-Link DIR-823X Operating System Command Injection Vulnerability

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the parameters terminaladdr/serverip/serverport in the Configuration...

CVSS 8.6 | AI score 7.1 | EPSS 0.00653
Exploits 1 | References 6

Positive Technologies
added 2026/02/08 12:0 a.m. | 1 view

PT-2026-6939

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X version 250416. Description: A flaw exists in the Configuration Parameter Handler component of D-Link DIR-823X version 250416. The issue stems from manipulating the terminal addr, server ip, and server port arguments within the...

CVSS 8.6 | AI score 5.6 | EPSS 0.00653
Exploits 1 | References 11

GithubExploit
added 2026/02/06 10:46 a.m. | 124 views

sb-poc-web

StackBill Deployer Web-based deployment portal for StackBill...

AI score 5.5
Exploits 0

F5 Networks
added 2026/02/04 1:51 p.m. | 12 views

K000156643: BIG-IP SMTP configuration security exposure

Security Advisory Description: An authenticated attacker granted the guest role on a BIG-IP system can modify the SMTP Server Host Name as well as the SMTP Server Port Number settings and run the Test Connection feature. This issue occurs when the following condition is met: The affected BIG-IP...

AI score 5.6
Exploits 0 | Affected Software 31

CVE
added 2025/10/21 11:48 a.m. | 7 views

CVE-2025-10641

EfficientLab WorkExaminer Professional sends unencrypted traffic across its monitoring stack. The CVE-2025-10641 description (confirmed across multiple sources) states that all communications between monitoring client, console, and server are transmitted in clear text, including unencrypted FTP...

CVSS 7.1 | AI score 6.4 | EPSS 0.00024
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-3489

Malware in sbrugna...

CVSS 9.3 | AI score 8.2 | EPSS 0.01319
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2000-0657

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00886
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-6937

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.5 | EPSS 0.00287
Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-34049

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 7.5 | EPSS 0.01086
Exploits 0 | References 18

CNVD
added 2025/09/23 12:0 a.m. | 2 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23470)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameters terminaladdr/serverip/serverport in the file /usr/sbin/goahead, which can be exploited by an attacker to cause...

CVSS 8.8 | AI score 7.9 | EPSS 0.00161
Exploits 1 | References 1

RedhatCVE
added 2025/09/20 1:57 a.m. | 8 views

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

CVSS 8.8 | AI score 6.5 | EPSS 0.00161
Exploits 1 | References 1

CVE
added 2025/09/18 1:2 a.m. | 12 views

CVE-2025-10634

CVE-2025-10634 affects D-Link DIR-823X routers (versions 240126, 240802, 250416). The issue is in the Environment Variable Handler’s /usr/sbin/goahead component, specifically function sub_412E7C, where manipulating arguments terminal_addr/server_ip/server_port enables remote command injection. Th...

CVSS 8.8 | AI score 6.5 | EPSS 0.00161
Exploits 1 | References 6 | Affected Software 1

CNNVD
added 2025/09/18 12:0 a.m. | 1 view

D-Link DIR-823X Security Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameters terminaladdr/serverip/serverport in the file /usr/sbin/goahead, which can be exploited by an attacker to cause...

CVSS 8.8 | AI score 7.8 | EPSS 0.00161
Exploits 1 | References 6

RedhatCVE
added 2025/05/22 8:11 a.m. | 3 views

CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands...

CVSS 9.8 | AI score 8 | EPSS 0.01287
Exploits 0 | References 1

RedhatCVE
added 2025/03/22 11:9 a.m. | 3 views

CVE-2024-8196

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace...

CVSS 9.8 | AI score 7.3 | EPSS 0.00287
Exploits 1 | References 1

NVD
added 2025/03/20 10:15 a.m. | 5 views

CVE-2024-8196

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace...

CVSS 9.8 | EPSS 0.00287
Exploits 1 | References 2