9 matches found
CVE-2026-27590
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...
CVE-2023-7330
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...
CVE-2025-33028
In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this...
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance Security Vulnerability
Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. It is used to protect...
PT-2024-5260 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 6.8 2024.06; Archer Platform versions 6.8 before 2024.06; Archer Platform versions 6.14 before 6.14.0.4; Archer Platform versions 6.13 before 6.13.0.4. Description: The issue is related to the lack of protection ...
CVE-2023-45540
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...
tianchoy/blog Arbitrary File Upload Vulnerability
tianchoy/blog is a single-user blog creation program developed by the Chinese software developer Tian Chao. A security vulnerability exists in the upload.php file in tianchoy/blog 2017-09-12 and earlier versions. A remote attacker can exploit this vulnerability to upload arbitrary files and execute P...
HTMLToNuke Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable...
HTMLToNuke - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable script...