Multiple Microsoft Office products vulnerable to untrusted search path
Overview Multiple Microsoft Office products contain the following vulnerability. Untrusted search path CWE-426 - CVE-2026-20943 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...
OS command injection in raspap-webgui
Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
BELL-CVE-2026-23016
Bulletin has no description...
ABC PRO EAP Legislator Path Traversal Vulnerability
ABC PRO EAP Legislator is a software developed by the Polish company ABC PRO, used for managing legislative processes and editing legal documents. ABC PRO EAP Legislator has a path traversal vulnerability; this vulnerability arises from the file extraction function’s ability to traverse paths,...
PT-2026-5656
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026...
Delta Electronics DIAView Command Injection Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...
raspap-webgui OS Command Injection Vulnerability
Raspap-webgui is an open-source wireless router configuration software developed by RaspAP. Versions of raspap-webgui prior to 3.3.6 contained a vulnerability related to operating system command injection. This vulnerability was due to the susceptibility to OS command injection attacks, which cou...
Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the delapikey command. The issue resul...
Tendenci Security Vulnerability
Tendenci is a membership management software developed by Tendenci Inc. in the United States, primarily used by non-profit organizations and associations. This software supports functions such as member management, content management, event management, and online donation management. Version 15.3...
Tendenci Security Vulnerability
Tendenci is a membership management software developed by Tendenci Inc. in the United States, primarily used by non-profit organizations and associations. This software supports functions such as member management, content management, event management, and online donation management. Version 15.3...
Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the getcipherset command. Th...
PT-2026-5693
Name of the Vulnerable Software and Affected Versions LUNA software version 7.5.5.6 Description A stored Cross-Site Scripting XSS issue exists in LUNA software. This allows an attacker to execute JavaScript code in a victim’s browser by injecting a malicious payload through the 'Edit Batch Name'...
PT-2026-5709
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
Piranha CMS 12.0 - Stored XSS in Text Block
Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage: https://piranhacms.org Software Link:...
Malicious code in hultine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c6e91ab35953cced9cf886a16976bb282de1dcf804938f4179a2dcf8dc1af731 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information is exfiltrated. --- Category:...
CVE-2021-47912
PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...
EUVD-2021-34750
Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...
CVE-2021-47914 PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...
BELL-CVE-2026-23012
Bulletin has no description...
BELL-CVE-2025-71155
Bulletin has no description...