Arbitrary Command Injection
Overview: Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via improper input sanitization in the file upload process. An attacker can execute arbitrary commands on the target...
CVE-2025-44137
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web...
The vulnerability of the arp_sys_asp() function in D-Link DI-8100 router firmware allows a hacker to cause a service failure.
The vulnerability of the arp_sys_asp function in D-Link DI-8100 router firmware is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure by sending a specially crafted HTTP request...
The vulnerability of the jingx_asp() function in D-Link DI-8100 router firmware allows a hacker to induce a service failure.
The vulnerability of the jingx_asp function in D-Link DI-8100 router firmware is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failure by sending a specially crafted HTTP request...
TOTOLINK X15 Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK, mainly used to extend Wi-Fi coverage. The device supports Wi-Fi 6 technology and offers AX1500 wireless transmission rate for home and small office scenarios. The TOTOLINK X15 suffers from a buffer overflow...
Google Chrome ANGLE/GPU Input Validation Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation vulnerability that stems from insufficient validation of untrustworthy input by ANGLE and GPU, which can be exploited by an attacker to submit a special WEB request, which can be tricke...
D-Link DI-8100 /jingx.asp File Buffer Overflow Vulnerability
The D-Link DI-8100 is a broadband router from D-Link designed for small to medium-sized network environments, supporting up to 4 Internet ports and 4 LAN ports for up to 80 simultaneous users. The D-Link DI-8100 suffers from a buffer overflow vulnerability that originates from the failure of the...
CVE-2024-32124
An improper access control vulnerability CWE-284 in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google. Google Chrome V8 suffers from an integer overflow vulnerability that originates from accessing a resource using an incompatible type, which can be exploited by a remote attacker to submit a special WEB request that induces the user to parse it,...
CVE-2023-39339
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request...
The vulnerability of the XML2PDF library, related to insufficient validation of requests on the server side, allows an attacker to perform an SSRF attack.
The vulnerability of the XML2PDF library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially crafted HTTP request...
D-Link DI-8100 Security Vulnerability
The D-Link DI-8100 is a broadband router from D-Link designed for small to medium-sized network environments, supporting up to 4 Internet ports and 4 LAN ports for up to 80 simultaneous users. The D-Link DI-8100 suffers from a buffer overflow vulnerability that originates from the failure of the...
CVE-2023-39339
Ivanti Policy Secure (IPS) vulnerability CVE-2023-39339 affects all IPS versions prior to 22.6R1. An authenticated administrator can perform an arbitrary file read via a specially crafted web request. Impact is confidentiality (high) with no impact to integrity or availability reported; credentia...
The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to compromise the integrity of the vulnerable application’s configuration.
The vulnerability of the Device Admin App on the ctrlX OS lies in the improper validation of the data entered by the user against a list of allowed values. Exploiting this vulnerability allows an attacker to compromise the integrity of the vulnerable application by sending a specially crafted HTT...
The vulnerability of the Response Header Handler component in the Craft CMS system allows a hacker to execute arbitrary code.
The vulnerability of the Response Header Handler component in the Craft CMS content management system is related to errors in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2025-27454
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request...