CVE-2026-6606

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVE-2026-2959

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit i...

EUVD-2008-0260

Malware in sbrugna...

EUVD-2020-7679

Malware in sbrugna...

EUVD-2025-30371

Malicious code in bioql PyPI...

EUVD-2025-31433

Malicious code in bioql PyPI...

CVE-2025-11073

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

PT-2025-25600 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 3.0.0-B20230809.1615 Description: A critical issue affects the HTTP POST Request Handler component due to a buffer overflow when processing the file /boafrm/formSysLog. The manipulation of the submit-url argument lead...

PT-2025-18030 · Totolink · Totolink N150Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A critical issue affects the processing of the file /boafrm/formWsc. The manipulation of the submit-url argument leads to a buffer overflow. This issue can be exploited remotely...

CVE-2025-2997

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-8541

The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. Th...

PT-2024-39187 · Unknown · Yunke Online School System

Name of the Vulnerable Software and Affected Versions: Yunke Online School System versions up to 3.0.6 Description: A vulnerability was found in the Yunke Online School System, affecting the downfile function of the file application/admin/controller/Appadmin.php. The manipulation of the url...

PT-2024-15926 · Unknown · 60Indexpage

Name of the Vulnerable Software and Affected Versions: 60IndexPage versions up to 1.8.5 Description: A critical issue has been found in the Parameter Handler component of the affected software, specifically in the file /include/file.php. The manipulation of the url argument leads to server-side...

PT-2024-15927 · Unknown · 60Indexpage

Name of the Vulnerable Software and Affected Versions: 60IndexPage versions up to 1.8.5 Description: A critical vulnerability was found in the Parameter Handler component of the file /apply/index.php. The manipulation of the url argument leads to server-side request forgery. This issue can be...

PT-2023-10290 · WordPress · Wooframework Branding Plugin

Name of the Vulnerable Software and Affected Versions: WooFramework Branding Plugin versions up to 1.0.1 Description: A problematic vulnerability has been found in the WooFramework Branding Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-branding.ph...

PT-2023-10291 · WordPress · Wooframework Tweaks Plugin

Name of the Vulnerable Software and Affected Versions: WooFramework Tweaks Plugin versions up to 1.0.1 Description: A vulnerability was found in the WooFramework Tweaks Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-tweaks.php. The manipulation of...

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...