11 matches found
CVE-2026-1468
Product: QuickCMS. Vulnerability: Cross-Site Request Forgery (CSRF) across multiple endpoints. An attacker can lure a victim to a crafted site that automatically issues a POST request using the victim’s credentials. Root cause / vector: The software does not implement protections against CSRF on ...
Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert
Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed...
CVE-2025-11905
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used...
EUVD-2024-49833
Malicious code in bioql PyPI...
CVE-2025-4142
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but di...
CVE-2025-2363
The CVE-2025-2363 entry concerns lenve VBlog up to 1.0.0. Affected is the function uploadImg in blogserver/src/main/java/org/sang/controller/ArticleController.java. The filename argument manipulation leads to path traversal, enabling a remote attack. Public exploit disclosure is noted, and the ve...
CVE-2025-2115 zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload
A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Affected is the function ProcessRequest of the file /AcceptZip.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely...
CVE-2023-3753
A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The...
Humax Digital HG100R 2.0.6 XSS / Information Disclosure
Humax Digital HG100R multiple vulnerabilities Device: Humax HG100R Software Version: VER 2.0.6 - Backup file download CVE-2017-7315 An issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users...
Photodex ProShow Producer 5.0.3297 Memory Corruption
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Improper Restriction of Operations within the Bounds of a Memory BufferCWE-119 Date found: 2013-02-14 Date published: 2013-02-14...
baalASPSQL.txt
------------------------------------------------------ Nightmare TeAmZ Advisory 002 ------------------------------------------------------ Date - 10/2005 BaalASP Free Bulletin Board Sql Injection Admin Login AFFECTED PRODUCTS ================= BaalASP Free Bulletin Board...