30 matches found
CVE-2026-49848
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the...
CVE-2026-49848
FreeSWITCH CVE-2026-49848: In mod_verto, the pre-authentication check_auth path writes request-supplied userVariables into the connection state before password comparison. Writes are append-only and the connection isn’t closed on a failed compare, so values from bad-password attempts persist on t...
CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the...
PT-2026-47852
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the...
ANGEET ES3 KVM Security Vulnerability
ANGEET ES3 KVM is a KVM switch device from the ANGEET company that enables remote control of keyboards, video, and mice via the network. The Angeet ES3 KVM has a security vulnerability, which stems from improper cleanup of variables provided by users. This vulnerability could allow authenticated...
PT-2026-25920
🔴 CVE-2026-32298 - Critical The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands. https://t.co/UihqyuvV7q https://t.co/RxueFEGJK6...
CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...
PT-2026-7842
Name of the Vulnerable Software and Affected Versions: Farktor Software E-Commerce Package versions through 27112025. Description: An authorization bypass exists in Farktor Software E-Commerce Package due to manipulation of user-controlled variables. This allows bypassing intended access restriction...
EUVD-2025-36875
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables...
GHSA-FG8X-Q69G-4QP3 Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...
CVE-2025-10929
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...
EUVD-2016-6801
Malware in sbrugna...
EUVD-2017-17212
Malware in sbrugna...
EUVD-2003-1544
Malware in sbrugna...
EUVD-2023-1558
Malicious code in bioql PyPI...
PTT HGS Mobile App Security Vulnerability
PTT HGS Mobile App is a mobile application from PTT Turkey that is used to facilitate the management and payment of Highway Electronic Toll Collection System HGS fees. A security vulnerability exists in PTT HGS Mobile App versions prior to 6.5.0, which stems from the presence of a vulnerability...
DEBIAN-CVE-2023-39950
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
Code injection
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
CVE-2023-39950
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...