66 matches found
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1696)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1696 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized...
CVE-2024-55020
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges...
EUVD-2024-55458
Incorrect access control in the component downloadwb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files...
PT-2026-22776
Incorrect access control in the component downloadwb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files...
Pi-hole Ad-Blocker Detection Consolidation
Consolidation of Pi-hole Ad-Blocker detections. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
EUVD-2023-43919
Malicious code in bioql PyPI...
EUVD-2023-27560
Malicious code in bioql PyPI...
CVE-2025-8066
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity BunkerWeb on Linux allows Phishing. This issue affects BunkerWeb: 1.6.2...
CVE-2025-45315
CVE-2025-45315 describes an XSS vulnerability in hortusfox-web v4.4 via the /controller/admin.php endpoint, exploitable by injecting a crafted payload into the email parameter to execute JavaScript in a user’s browser. The underlying cause is misuse/insufficient sanitization of the email input, e...
CVE-2023-3243
** UNSUPPORTED WHEN ASSIGNED ** An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...
CVE-2020-28401
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to...
FreeBSD : element-web -- several vulnerabilities (ab4e6f65-a142-11ef-84e9-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ab4e6f65-a142-11ef-84e9-901b0e9408dc advisory. Element team reports: Versions of Element Web and Desktop earlier than 1.11.85 do not check if...
CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...
Exploit for SQL Injection in Automattic Woocommerce_Blocks
CVE-2021-32789 Authenticated Blind SQL Injection. Wordpress wo...
Command injection
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...
CVE-2023-50466
The CVE-2023-50466 issue affects Weintek cMT2078X EasyWeb Web, Version v2.1.3, OS v20220215. The vulnerability is an authenticated command injection in the HMI Name parameter, allowing an attacker with valid credentials to execute arbitrary code or access sensitive information. Affected component...
CVE-2023-50466
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...
TOTOLINK X2000R Buffer Error Vulnerability
The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web version, which stems from a buffer overflow issue in the formWlanRedirect method...
TOTOLINK X2000R Buffer Error Vulnerability
The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web version, which stems from a buffer overflow issue in the formWirelessTbl method...
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway. Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink...