28 matches found
EUVD-2024-21839
Malicious code in bioql PyPI...
CVE-2022-43774
The HandlerPagePKID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...
CVE-2024-39209
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter...
SQL injection
The HICTLoop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...
CVE-2022-43775
The HICTLoop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...
CVE-2022-43775
The HICTLoop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...
CVE-2020-19896
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php...
CVE-2020-19896
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php...
CVE-2020-19896
CVE-2020-19896 affects Minicms v1.9 and is a file inclusion vulnerability that lets remote attackers execute arbitrary PHP code via the file post-edit.php. The NVD metrics indicate a CVSSv3.1 base score of 9.8 (CRITICAL) with network access, low attack complexity, no user interaction, and impacts...
CVE-2020-19896
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php...
CVE-2022-22115
The CVE-2022-22115 entry concerns Teedy (open-source document management). The vulnerability is a Stored XSS flaw in the name of a created Tag, caused by improper sanitization on the Edit Tag page. A low-privileged attacker can store malicious scripts in a Tag name, with potential impact to a hig...
CVE-2022-22114
The CVE refers to Teedy, versions 1.5–1.9, with a Reflected Cross-Site Scripting (XSS) flaw in the search term display. The issue arises from insufficient sanitization/output of search results, enabling an attacker to craft a URL that injects scripts executed in the victim’s browser. In the descr...
Wolfssl buffer error vulnerability
Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, USA. A buffer error vulnerability exists in Wolfssl wolfMQTT that stems from the product's failure to properly determine memory boundaries when calling MqttClientDecodePacket...
Backdoor.Win32.Prorat.lkt Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/dec8f9042986d64e29d62effb482290bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.lkt Vulnerability: Port Bounce Scan MITM Description: The ProSpy Server V1.9...
CVE-2020-19855
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /imagezoom.php...
Cross site scripting
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /imagezoom.php...
CVE-2020-19855
CVE-2020-19855 affects phpwcms v1.9 with a cross-site scripting (XSS) vulnerability in /image_zoom.php. Several connected sources confirm the issue and its impact: an attacker could exploit this XSS to obtain an administrator cookie (CNVD/CNNVD entries). The Red Hat, NVD, and CVE listings all des...
CVE-2020-19855
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /imagezoom.php...
CVE-2020-7573
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control...
Improper access control
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control...