FEDML Path Traversal Vulnerability
FEDML is a unified and scalable machine learning training and deployment library open sourced by TensorOpera. FEDML versions 0.8.9 and earlier contain a path traversal vulnerability. It stems from incorrect handling of the dataSet parameter, which could lead to path travers...
Tenda AC20 Security Vulnerability
Tenda AC20 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC20 version 16.03.08.12 and earlier, which stems from an incorrect operation of the parameter wpapskcrypto in the file /goform/WifiExtraSet, which may result in a buffer overflow...
EUVD-2025-25400
Malicious code in bioql PyPI...
SUSE CVE-2023-53464
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...
CVE-2023-53464
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...
PT-2025-40171
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the iscsi tcp component. The issue stems from a missing validation check for the sock variable before it is assign...
CVE-2025-9247 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setVlan stack-based overflow
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlanset leads to stack-based buffer...
CVE-2025-50616
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wladvancedset in the payload, which can cause the program to crash and lead to a Denial of Servi...
CVE-2025-50608
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wlbaseset in the payload, which can cause the program to crash and potentially lead to a Denial ...
CVE-2022-20548
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2024-34957
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImagesdeal.php?mudi=infoSet...
Super Store Finder 3.7 Remote Command Execution
Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...
SUSE CVE-2009-4248
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and...
CVE-2022-45716
IP-COM M50 V15.11.0.3310768 was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function...
Tenda AX12 Buffer Error Vulnerability
Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China. A security vulnerability exists in Tenda AX12 version v22.03.01.21CN, which originates from a stack overflow contained in the ssid parameter via /goform/fastsettingwifiset...
CVE-2022-24167
Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter...
Unspecified Vulnerability in Dot-object
Dot-object is a module to convert json objects using dot representation. A security vulnerability exists in Dot-object versions prior to 2.1.3. An attacker can exploit this vulnerability to add or modify Object.prototype properties with the help of the 'set' parameter...
CVE-2018-6466
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSSset parameter to wp-admin/options-general.php...
Arbitrary File Deletion Vulnerability in the Pelco Sarix Pro Webcam set_param Program
Pelco Sarix Professional is a video camera. An arbitrary file deletion vulnerability exists in the Pelco Sarix Pro webcam set_param program. The vulnerability is caused by the program not checking filenames when processing parameters, which can be exploited by an attacker to delete arbitrary...
Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting
Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...