EUVD-2026-14184

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

CVE-2026-1313

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

CVE-2026-1313

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

PT-2026-26805

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

Git MCP Server 操作系统命令注入漏洞

Git MCP Server is an MCP server developed by Casey Hand individually. Git MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the use of the childprocess.exec function in the file gitUtils.ts, which contains commands like...

CVE-2025-15432

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path...

CVE-2025-15432 yeqifu carRental com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path traversal

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path...

CVE-2025-50753

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...

CVE-2025-50753

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...

CVE-2025-50753

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...

CVE-2025-50753

The CVE-2025-50753 entry concerns Mitrastar GPT-2741GNAC-N2 home gateway devices. Affected software exposes SSH access into a restricted default shell, and the command deviceinfo show file is meant for this shell. Supplying the string /bin/sh (with quotes) as the argument to this command can drop...

CVE-2025-9304

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made...

CVE-2025-9304

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made...

PT-2025-34232 · Sourcecodester · Online Bank Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A weakness has been identified that allows for SQL injection. The issue impacts an unknown function within the /bank/show.php file. Manipulation of the ID argument can lead...

PT-2024-16493 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.6 Description: A critical issue has been found in Tongda OA, affecting some unknown processing of the file /pda/appcenter/web show.php. The manipulation of the argument ID leads to sql injection. The attack may be...

Mitrastar GPT-2541GNAC-N1 操作系统命令注入漏洞

The Mitrastar GPT-2541GNAC-N1 is a router. An operating system command injection vulnerability exists in the firmware version of the Mitrastar GPT-2541GNAC-N1 HGU 100VNZ0b33, which is caused by incorrectly clearing the parameter "path". The vulnerability can be exploited by a remote authenticatio...

CVE-2009-4886

Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. dot dot in the 1 file parameter to module/admin/files/showfile.php and the 2 path parameter to module/admin/files/showsource.php...

ProShow Gold v4.0.2549 (PSH File) Stack Buffer Overflow

$Id: proshowcellimagebof.rb 7911 2009-12-18 00:19:04Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...