50 matches found
EUVD-2006-1907
Malware in sbrugna...
EUVD-2018-0771
Malware in sbrugna...
EUVD-2010-1344
Malware in sbrugna...
EUVD-2022-33946
Malicious code in bioql PyPI...
Legrand SMS PowerView Security Vulnerability
Legrand SMS PowerView is an intelligent power management system from Legrand SMS that allows users to remotely monitor and control power devices via SMS. A security vulnerability exists in Legrand SMS PowerView version 1.x. The vulnerability stems from the fact that incorrect operation of the...
PT-2025-13671 · Legrand · Legrand Sms Powerview
Name of the Vulnerable Software and Affected Versions: Legrand SMS PowerView versions 1.x. Description: A critical issue has been discovered, affecting an unknown functionality. The manipulation of the redirect argument leads to OS command injection. The exploit has been publicly disclosed. There ...
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
Summary: Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability CVE-2024-45048. To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, pleas...
CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption) for decodeOID...
Pimcore SQL Injection Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
Command injection
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller...
CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
Design/Logic Flaw
SAP NetWeaver Developer Studio NWDS - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...
Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS
Summary: IBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-4104. DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of...
HCL Technologies BigFix Mobile/Modern Client Management Code Issue Vulnerability
HCL Technologies BigFix Mobile/Modern Client Management is a mobile device management software client from HCL Technologies, India. A security vulnerability exists in HCL Technologies BigFix Mobile/Modern Client Management v1.x, v2.0, which can be exploited by attackers to conduct Un-Auth XML...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Impact: The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in version 1.x prior to TYPO3 1.3.3, which stems from insufficient sanitization of user-supplied data, and can be exploited by attackers to condu...