100 matches found
TP-LINK Archer AXE75 Security Vulnerability
The TP-LINK Archer AXE75 is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK Archer AXE75 v1.6, which stems from improper input validation, and could lead to the deletion of arbitrary server files by an authenticated, neighboring attacker, resulting in the...
EUVD-2018-8038
Malware in sbrugna...
EUVD-2022-32888
Malicious code in bioql PyPI...
CVE-2023-33734
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...
Cross site scripting
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user...
CVE-2024-24060
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user...
CVE-2024-24059
Springboot-manager v1.6 is affected by an Arbitrary File Upload vulnerability caused by not filtering uploaded file suffixes. The reports consistently describe this as the root cause and outline the resulting security impact as arbitrary file upload with low confidentiality/integrity impact and n...
CVE-2024-24061
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add...
Wchat 1.6 HTML Injection
Title: Wchat v1.6 - Fully Responsive PHP AJAX Chat Script Html code inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / brows...
CVE-2023-33552
The CVE-2023-33552 issue affects erofs-utils v1.6, with a Heap Buffer Overflow in erofs_read_one_data (data.c) that can allow arbitrary code execution via a crafted erofs filesystem image. Public references in connected sources confirm the flaw and that Fedora/Mageia advisories backported fixes t...
SQL injection
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
Cross site request forgery (CSRF)
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2022-27978
Tooljet (v1.6) is affected by an issue described as improper handling of missing values in the API, which enables an attacker to arbitrarily reset user passwords via a crafted HTTP request. The vulnerability is evidenced in CVE-2022-27978 and mapped to a CVSS v3.1 base score of 7.5 (HIGH) with NE...
CVE-2023-0423
CVE-2023-0423 affects the WordPress Amazon S3 Plugin for WordPress versions before 1.6. The vulnerability is a Reflected Cross‑Site Scripting caused by insufficient sanitization/escaping of a parameter before it is echoed back on the page, which could be exploited against high‑privilege users suc...
CVE-2023-24657
phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php...