Lucene search

267 matches found

Nuclei
added 2026/05/25 4:37 a.m. | 135 views

Ivanti ICS - Authentication Bypass

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. id: CVE-2023-46805 info: name: Ivanti ICS - Authentication Bypass author: DhiyaneshDK,daffainfo,geeknik...

9.1 CVSS | 7.5 AI score | 0.94412 EPSS
Exploits: 23 | References: 5
CNNVD
added 2026/05/25 12:0 a.m. | 3 views

Edimax EW-7438RPn Security Vulnerability

Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Edimax. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from a parameter manipulation of the function formWlSiteSurvey in the file /goform/formWlSiteSurvey by the webs component, which...

9 CVSS | 7.6 AI score | 0.00046 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2026/05/20 1:5 p.m. | 3 views

firefox: thunderbird: Use-after-free in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the WebRTC component...

7.5 CVSS | 5.7 AI score | 0.00067 EPSS
Exploits: 0 | References: 6
CNNVD
added 2026/05/08 12:0 a.m. | 5 views

Icinga PHP Library Cross-Site Scripting Vulnerability

The Icinga PHP Library is a web component of an open-source monitoring and metrics solution system developed by Icinga. Versions of the Icinga PHP Library prior to 0.13.1 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to inject malicious JavaScript into the...

7.6 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/26 10:0 p.m. | 1 view

CVE-2026-7061 Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

7.5 CVSS | 7.1 AI score | 0.01715 EPSS
Exploits: 0 | References: 6
CNNVD
added 2026/04/26 12:0 a.m. | 4 views

ChatGPT MCP Server Command Injection Vulnerability

The ChatGPT MCP Server is an MCP server, managed through natural language, from the individual developer Toowiredd. ChatGPT MCP Server versions 0.1.0 and earlier had a command injection vulnerability, which stemmed from the OS command injection present in the src/services/docker.service.ts file...

7.5 CVSS | 7.1 AI score | 0.01715 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2026/04/21 1:16 p.m. | 0 views

CVE-2026-6747

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5 CVSS | 5.8 AI score | 0.00067 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/02 4:56 p.m. | 2 views

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

6.7 CVSS | 5.9 AI score | 0.00006 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/02/20 12:0 a.m. | 3 views

Photobooth Web-Component Cross-Site Scripting Vulnerability

Photobooth Web-Component is software developed by Lukas, an individual developer. Versions of Photobooth Web-Component prior to 1.0.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of validation on user input fields, which could lead to cross-site scripting attacks...

5.3 CVSS | 5.6 AI score | 0.0007 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/29 9:21 p.m. | 2 views

CVE-2025-57793

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

8.6 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/28 5:9 p.m. | 2 views

CVE-2025-57793

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

8.6 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/01/28 5:9 p.m. | 2 views

EUVD-2025-206459

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

8.6 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/28 12:0 a.m. | 3 views

PT-2026-5144

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

5.9 AI score | 0.00122 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 9:6 a.m. | 3 views

CVE-2024-34788

An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information...

6.5 CVSS | 7 AI score | 0.08158 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/01/07 12:0 a.m. | 1 view

Kieback&Peter Neutrino-GLT Operating System Command Injection Vulnerability

Kieback&Peter Neutrino-GLT is a building management system from Kieback&Peter, Germany. Kieback&Peter Neutrino-GLT suffers from an operating system command injection vulnerability that stems from a shell command injection in the web component SM70 PHWEB login form, which could lead to the executi...

6.9 CVSS | 7.6 AI score | 0.01038 EPSS
Exploits: 0 | References: 1
vulnersOsv
added 2025/11/24 4:24 p.m. | 1 view

@vex-chat/spire (>=1.0.0 <=1.10.3) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)

@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: @vex-chat/spire >=1.0.0, <=1.10.3. Source CVEs: unknown CVE. Source advisory: SNYK:JS-ASYNCAPIWEBCOMPONENT-14103281...

5.8 AI score
Exploits: 0
vulnersOsv
added 2025/11/24 1:36 p.m. | 1 view

@vex-chat/spire (>=1.0.0 <=1.10.3) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)

@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: @vex-chat/spire >=1.0.0, <=1.10.3. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2025-190721...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/24 1:36 p.m. | 4 views

Malicious code in @asyncapi/web-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2dff5164da9cab0fa9cbd6684d231b19caa4cc57fe660f4d0ad2cd8573dc1a The package @asyncapi/web-component was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0 | References: 4
EUVD
added 2025/11/24 1:36 p.m. | 1 view

EUVD-2025-198786

Malicious code in @asyncapi/web-component npm...

6.6 AI score
Exploits: 0 | References: 1
OSV
added 2025/11/24 1:36 p.m. | 1 view

MAL-2025-190721 Malicious code in @asyncapi/web-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2dff5164da9cab0fa9cbd6684d231b19caa4cc57fe660f4d0ad2cd8573dc1a The package @asyncapi/web-component was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0 | References: 4