PT-2026-40944

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

CVE-2026-41465

ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal...

CVE-2022-50890

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...

CVE-2021-22773

A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

EUVD-2025-204692

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions...

CVE-2025-11545

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions...

CVE-2025-11545

CVE-2025-11545 affects Sharp Display Solutions projectors. NEC/Sharp disclosures and JVN data confirm a vulnerability that exposes sensitive system information to an unauthorized control sphere, enabling an attacker to improperly access the projector’s HTTP server and perform arbitrary actions. T...

CVE-2025-66263

The CVE-2025-66263 entry describes an unauthenticated arbitrary file read due to a null byte injection in the Mozart FM Transmitter’s download_setting.php. The PHP code appends a forced .tgz extension to user-supplied $_GET['filename'], and on PHP 5.3.2 (pre-5.3.4) the null byte (%00) terminates ...

PT-2025-48117

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download setting.php allows reading arbitrary files...

CVE-2025-34287

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

Remote Code Execution Vulnerability in Vvveb

Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...

EUVD-2018-16628

Malware in sbrugna...

EUVD-2020-19542

Malware in sbrugna...

EUVD-2014-2427

Malware in sbrugna...

EUVD-2021-17122

Malware in sbrugna...

EUVD-2012-4786

Malware in sbrugna...

EUVD-2013-0185

Malware in sbrugna...

EUVD-2016-1175

Malware in sbrugna...

EUVD-2019-8740

Malware in sbrugna...