CVE-2026-40623 SenseLive X3050 Missing Authorization
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchd...
EUVD-2020-25267
Malware in sbrugna...
EUVD-2018-15494
Malware in sbrugna...
EUVD-2008-0800
Malware in sbrugna...
EUVD-2021-21698
Malware in sbrugna...
EUVD-2024-33923
Malicious code in bioql PyPI...
CVE-2015-6510
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) usemfstmpsize, or (3) usemfsvarsize parameter to systemadvancedmisc.php; the (4) port, (5) snaplen, or (6) count parameter to diagpacketcapture.php...
CVE-2015-6509
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to systemadvancedmisc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval...
CVE-2025-29431
Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters...
CVE-2023-3942 Multiple SQLi in ZkTeco-based OEM devices
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the...
CVE-2023-3942
CVE-2023-3942 is a documented SQL injection in ZKTeco-based OEM devices, caused by improper neutralization of SQL elements. Affected products include ZKTeco ProFace X and Smartec ST-FR043/ST-FR041ME, with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and related Standalone service 2.1.6-20200907, per m...
F5 Networks BIG-IP : RSRE Variant 3a vulnerability (K51801290)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K51801290 advisory. Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may...
WeCube security vulnerability
WeCube is a set of open source, one-stop IT architecture management and operation and maintenance management tools. It is used to simplify distributed architecture IT management and can be extended through plug-ins. A security vulnerability exists in WeCube Platform version 3.2.2, which stems...
Command Injection
Kylin is vulnerable to command injection. The vulnerability exists when overwriting system parameters in the configuration overwrites menu, which allows an attacker to send a specially crafted request using the value parameter and inject any operating system command into the system...
CVE-2022-24697
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
Command injection
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
CVE-2022-24697 Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
CVE-2022-24697
CVE-2022-24697 affects Apache Kylin’s cube designer function and enables command injection/RCE by manipulating the configuration overwrite menu. The root cause described across Red Hat advisories is improper input filtering; an attacker can influence command execution by controlling the kylin.eng...