28 matches found
CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
Tenda G103 Command Injection Vulnerability
The Tenda G103 is a GPON fiber access device designed specifically for home and SOHO users by the Chinese company Tenda. Version 1.0.0.5 of the Tenda G103 contains a command injection vulnerability. This vulnerability stems from an improper operation of the parameter “lanIp” in the function...
EUVD-2025-4887
Malicious code in bioql PyPI...
CVE-2023-39115
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document...
CVE-2023-39115
CVE-2023-39115 affects Campcodes Online Matrimonial Website System Script 3.3. The vulnerability is an arbitrary file upload via a crafted SVG, enabling code execution (SVG contains script and external navigation). Root cause: insufficient validation of uploaded SVG files. Affected component: ins...
PT-2022-28261 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: ckb version 0.101.2 Description: The issue arises when the max cycles is insufficient, causing ScriptError::ExceededMaximumCycles to be raised directly instead of suspending as expected. This occurs randomly due to the random execution order ...
CVE-2022-20789 Cisco Unified Communications Products Arbitrary File Write Vulnerability
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability i...
CVE-2022-20789
Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) are affected by an Arbitrary File Write vulnerability in the upgrade process. The issue arises from improper restrictions on a system script, enabling an authenticated, remote attacker to ...
Mellow Fish YetiShare Cross-Site Scripting Vulnerability (CNVD-2020-00223)
Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A cross-site scripting vulnerability exists in the logfileviewer.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. The vulnerability stems from a lack of proper validation of client-side data by...
Unspecified Vulnerability in Manjaro Linux
Manjaro Linux is a set of Linux distributions for the Arch operating system. A security vulnerability exists in the manjaro-update-system.sh file in the manjaro-system 20180716-1 release of Manjaro Linux. A local attacker can exploit this vulnerability to install or remove arbitrary packets or...
CVE-2018-6866
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message...
CVE-2018-6866
CVE-2018-6866 affects PHP Scripts Mall Learning and Examination Management System Script 2.3.1. The connected documents describe a Cross Site Scripting (XSS) vulnerability in the system, exploitable through a crafted message in the messaging feature. PoCs and exploits (e.g., Exploit-DB and 0day l...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to escalate privileges on the system. The vulnerability is due to improper file permissions on a privileged system binary. An attacker could exploit this vulnerability by modifying a...
Jetik Emlak ESA 2.0 - Multiple SQL Injections
Jetik Emlak ESA 2.0 System Script KayitNo multiple remote sql inj ---------------------------------------------------------- Discovered By: ZoRLu Date: 24.09.2008 contact: [email protected] contact: [email protected] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA :...
CVE-2006-6155
Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from thi...
CVE-2006-6154
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter...
CVE-2006-6155
CVE-2006-6155 involves multiple SQL injection vulnerabilities in addrating.php of the HIOX Star Rating System Script (HSRS) 1.0 and earlier. The flaws allow remote attackers to inject and execute arbitrary SQL commands via the (1) ipadd or (2) url parameters. The description notes this informatio...