CVE-2026-33078

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...

Cayin Content Management Server 11.0 - Remote Command Injection (root)

Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...

Sql injection

Multiple SQL injection vulnerabilities in the agent interface agc/ in VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allow 1 remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPTmultirecordingAJAX.php, 2 remote authenticated users to...