28 matches found
PT-2026-39331
Name of the Vulnerable Software and Affected Versions: UGREEN CM933 version 1.1.59.4319 Description: An authentication bypass exists in the Administrative Interface of the device. This issue allows an attacker located on the local network to bypass authentication mechanisms due to a flaw in an...
CVE-2026-2169 D-Link DWR-M921 formLtefotaUpgradeFibocom command injection
A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
EUVD-2020-24409
Malware in sbrugna...
EUVD-2007-2113
Malware in sbrugna...
CVE-2025-48940 MyBB's upgrade component vulnerable to local file inclusion
MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be...
MyBB Path Traversal Vulnerability
MyBB (MyBulletinBoard) is a free and Web-based forum software developed by MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is extensible. A path traversal vulnerability exists in versions of MyBB prior to 1.8.39, which stems from an upgrade component tha...
CVE-2025-29058
An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component...
Qimou CMS Security Vulnerability
Qimou CMS (74CMS) is a content management system from Qimou Inc. A security vulnerability exists in Qimou CMS version 3.34.0, which stems from the upgrade.php component that could lead to the execution of arbitrary code...
CSZ CMS Security Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). A security vulnerability exists in CSZ CMS v1.3.0, which stems from an arbitrary file upload vulnerability in component /admin/upgrade...
CVE-2023-3475
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. I...
Hardcoded credentials
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed...
PT-2021-19739 · Qsan · Qsan Storage Manager
Name of the Vulnerable Software and Affected Versions: QSAN Storage Manager versions prior to 3.3.3 Description: The issue is related to improper access control in the FirmwareUpgrade component of QSAN Storage Manager, allowing remote attackers to reboot and discontinue the device. Recommendation...
CVE-2021-1258
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission...
Design/Logic Flaw
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission...
Cisco Anyconnect Secure Mobility Client Permissions, Privileges, and Access Controls Vulnerability
The Cisco AnyConnect Secure Mobility Client is a virtual private network (VPN) client for a variety of operating systems and hardware configurations. An arbitrary file read vulnerability exists in the upgrade component of the Cisco AnyConnect Secure Mobility Client, which can be exploited by a...
Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A remote code execution vulnerability exists in the upgrade component of Cis...
CVE-2020-3138
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...