Formie for Craft CMS Security Vulnerability
Formie for Craft CMS is a form plugin for the Craft CMS developed by Verbb. Versions prior to 2.2.20 and 3.1.24 of Formie for Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to submit custom values into hidden fields. These values we...
Cowlib Injection Vulnerability
Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.9.0 of cowlib contains an injection vulnerability. This vulnerability stems from the cowcookie:cookie/1 function in cowlib, which constructs client Cookie request headers based on a list of name-value...
WSO2 Identity Server Cross-Site Scripting Vulnerability
WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a cross-site scripting vulnerability. This vulnerability arises from the fact that the authentication endpoint accepts user input without enforcing the expected verification...
Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.
Description Summary “AirtableAgent” is an agent function provided by FlowiseAI that retrieves search results by accessing private datasets from airtable.com. “AirtableAgent” uses Python, along with Pyodide and Pandas, to get and return results. The user’s input is directly applied to the question...
Tenda W20E Security Vulnerability
The Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E V4.0brV15.11.0.6 version contains a security vulnerability. This vulnerability stems from the lack of verification of the picName parameter’s size, which may lead to a buffer overflow...
Google Gemini MCP Tool operating system command injection vulnerability
Google Gemini MCP Tool is a tool component developed by Google Inc., based on the Model Context Protocol (MCP) for large models. Google Gemini MCP Tool has an operating system command injection vulnerability. This vulnerability stems from the execAsync method, which executes system calls without verifying...
CVE-2021-22305
There is a buffer overflow vulnerability in Mate 30 10.1.0.126C00E125R5P3. A module does not verify some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through a specific module. This could cause buffer overflow, compromising normal service...
CVE-2021-22306
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182C00E180R6P2. A module does not verify some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through a specific module. This could cause out-of-bound, compromising normal service...
ChurchCRM Code Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...
Ruijie RG-EW1800GX Security Vulnerability
Ruijie RG-EW1800GX is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1800GX that originates from unverified input to the moduleset function in the file /usr/local/lua/devsta/nbrcwmp.lua, which could lead to an OS command injection attack...
Ruijie RG-EW1800GX Security Vulnerability
Ruijie RG-EW1800GX is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1800GX that originates from unverified input to the moduleget function in the file /usr/local/lua/devsta/networkConnect.lua, which could lead to an OS command injection attack...
Ruijie X30 PRO Security Vulnerability
Ruijie X30 PRO is a home wireless router from Ruijie China. A security vulnerability exists in Ruijie X30 PRO, which originates from an unverified input to the moduleset function in the file /usr/local/lua/devsta/nbrnetworkIdmerge.lua, which could lead to an OS command injection attack...
Ruijie RG-EW1200G PRO Security Vulnerability
Ruijie RG-EW1200G PRO is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 versions, which originates from unverified input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could...
Ruijie RG-EW1200G PRO Security Vulnerability
Ruijie RG-EW1200G PRO is a wireless router from Ruijie China. A security vulnerability exists in Ruijie RG-EW1200G PRO version V1.00/V2.00/V3.00/V4.00, which originates from an unverified input to the moduleset function in the file /usr/local/lua/devsta/nbrcwmp.lua, which could lead to an ...
Ruijie RG-EW1200 Security Vulnerability
Ruijie RG-EW1200 is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie RG-EW1200 that originates from unverified input to the moduleset function in the file /usr/local/lua/devconfig/configretain.lua, which could lead to an OS command injection attack...
CVE-2020-36883
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to...
CVE-2020-36883 SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to...
EUVD-2020-14764
Malware in sbrugna...
EUVD-2021-9448
Malicious code in bioql PyPI...
PHPGurukul User Registration & Login and User Management System Security Vulnerability
PHPGurukul User Registration & Login and User Management System is a user registration & login and user management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul User Registration & Login and User Management System version V3.3, which originates from unverified input of...