CVE-2026-2959

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit i...

EUVD-2008-0260

Malware in sbrugna...

EUVD-2020-7679

Malware in sbrugna...

EUVD-2025-30371

Malicious code in bioql PyPI...

EUVD-2025-31433

Malicious code in bioql PyPI...

CVE-2025-11073

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

PT-2025-25600 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 3.0.0-B20230809.1615 Description: A critical issue affects the HTTP POST Request Handler component due to a buffer overflow when processing the file /boafrm/formSysLog. The manipulation of the submit-url argument lead...

PT-2025-18030 · Totolink · Totolink N150Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A critical issue affects the processing of the file /boafrm/formWsc. The manipulation of the submit-url argument leads to a buffer overflow. This issue can be exploited remotely...

CVE-2025-2997

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-8541

The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. Th...

PT-2024-39187 · Unknown · Yunke Online School System

Name of the Vulnerable Software and Affected Versions: Yunke Online School System versions up to 3.0.6 Description: A vulnerability was found in the Yunke Online School System, affecting the downfile function of the file application/admin/controller/Appadmin.php. The manipulation of the url...

PT-2024-15926 · Unknown · 60Indexpage

Name of the Vulnerable Software and Affected Versions: 60IndexPage versions up to 1.8.5 Description: A critical issue has been found in the Parameter Handler component of the affected software, specifically in the file /include/file.php. The manipulation of the url argument leads to server-side...

PT-2024-15927 · Unknown · 60Indexpage

Name of the Vulnerable Software and Affected Versions: 60IndexPage versions up to 1.8.5 Description: A critical vulnerability was found in the Parameter Handler component of the file /apply/index.php. The manipulation of the url argument leads to server-side request forgery. This issue can be...

PT-2023-10290 · WordPress · Wooframework Branding Plugin

Name of the Vulnerable Software and Affected Versions: WooFramework Branding Plugin versions up to 1.0.1 Description: A problematic vulnerability has been found in the WooFramework Branding Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-branding.ph...

PT-2023-10291 · WordPress · Wooframework Tweaks Plugin

Name of the Vulnerable Software and Affected Versions: WooFramework Tweaks Plugin versions up to 1.0.1 Description: A vulnerability was found in the WooFramework Tweaks Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-tweaks.php. The manipulation of...

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...

CVE-2020-6994

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...