14 matches found
CVE-2026-24108
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerabilit...
CVE-2026-24113
CVE-2026-24113 affects Tenda W20E router (V4.0br_V15.11.0.6). The issue occurs when the input value nptr is passed to getMibPrefix and concatenated via sprintf without proper size validation, leading to a buffer overflow. The available documents do not specify the exact impact, exploited versions...
EUVD-2021-29507
Malicious code in bioql PyPI...
CVE-2021-42639
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross-site scripting vulnerabilities. Attacker-controlled input is reflected back in the page without sanitization...
UBUNTU-CVE-2024-8932
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to the ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...
PT-2024-28675 · Unknown · Microscada Pro/X Sys600
Name of the Vulnerable Software and Affected Versions: MicroSCADA Pro/X SYS600 (affected versions not specified). Description: The product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited, this issue allows the attack...
CVE-2022-25871
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
Insyde InsydeH2O Security Feature Issue Vulnerability
Insyde InsydeH2O is C source code from Insyde Software (Taiwan, China) that implements the new "EFI/UEFI" technology specification, designed to replace the legacy BIOS (Basic Input/Output System). InsydeH2O Int15MicrosoftSmm has a security feature issue vulnerability that stems from uncontrolled input t...
CVE-2021-42538
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...
CVE-2021-42538
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...
Input validation
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...
CVE-2021-42538 Emerson WirelessHART Gateway
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...
EyesOfNetwork 5.3 Remote Code Execution / Privilege Escalation
Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authenticated Remote Code Execution fl...
Hole in modutils
Uncontrolled user input allows an external program to be invoked...