CVE-2026-30798
Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is...
FLIR Systems AX8 Cameras Command Injection (CVE-2022-4364)
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out...
Veeder-Root TLS4B Automatic Tank Gauge System Command Injection Vulnerability
Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root, Inc. The Veeder-Root TLS4B Automatic Tank Gauge System suffers from a command injection vulnerability that stems from the SOAP interface being...
EUVD-2024-51344
Malicious code in bioql PyPI...
EUVD-2022-51714
Malicious code in bioql PyPI...
AMD System Management Mode Security Vulnerability
AMD System Management Mode is a CPU execution mode from AMD. A security vulnerability exists in AMD System Management Mode that stems from a SMM call vulnerability that could allow a ring 0 attacker to modify the startup service handler, which...
CVE-2022-4364
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out...
CVE-2024-13103
A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack...
CVE-2024-13103 D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control
A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack...
PT-2024-25049 · Unknown · Data Provisioning Service
Name of the Vulnerable Software and Affected Versions: Data Provisioning Service affected versions not specified Description: The issue is related to the Document Service handler in the Data Provisioning Service, which does not properly encode user-controlled inputs. This results in a Cross-Site...
Command injection
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely...
Teledyne FLIR AX8 OS Command Injection Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A command injection vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from an unknown function in the palette.php file of its Web Service Handler component that operates on the...
PT-2022-26985 · Teledyne Flir · Teledyne Flir Ax8
Name of the Vulnerable Software and Affected Versions: Teledyne FLIR AX8 versions up to 1.46.16 Description: A critical vulnerability has been found in the Web Service Handler component of the affected software. The issue is related to an unknown function of the file palette.php, where the...
CVE-2022-4364
The CVE-2022-4364 issue affects Teledyne FLIR AX8 devices with Web Service Handler, where manipulation of the palette.php palette parameter in an unknown function enables remote command injection. This vulnerability is exploitable over the network without authentication, and public proof-of-conce...
CVE-2022-35879
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...
CVE-2022-2750 SourceCodester Company Website CMS Add Service add-service.php unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack...
Company Website CMS Code Issue Vulnerability
Company Website CMS is a company website/CMS by Torrahclef Personal Developer. A security vulnerability exists in Company Website CMS, which stems from an unknown function of the file /dashboard/add-service.php of the component Add Service Handler being affected, resulting in unrestricted uploads...
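TRS (ids, old and new versions) design flaw (XXE / user information disclosure, including passwords)
Brief description: TRS ids design flaw: XXE / user information disclosure, including passwords. I haven't submitted a vulnerability in a long time; I suddenly came back to take a look and found that the vulnerability submission page has changed. Details: First, let's look at the web.xml configuration file: ServiceServlet com.trs.idm.admin.service.ServiceServlet ServiceServlet /service Following ServiceServlet: protected void serviceHttpServletRequest request, HttpServletResponse response throws ServletException, IOExceptio...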