Carlo Gavazzi SmartHouse Webapp 安全漏洞

Carlo Gavazzi SmartHouse Webapp is a software platform for remote management of smart home devices from Carlo Gavazzi, USA. A security vulnerability exists in Carlo Gavazzi SmartHouse Webapp version 6.5.33, which stems from the presence of multiple cross-site request forgery and cross-site...

EUVD-2007-3409

Malware in sbrugna...

EUVD-2005-0928

Malware in sbrugna...

EUVD-2021-19489

Malware in sbrugna...

EUVD-2007-6720

Malware in sbrugna...

EUVD-2007-1824

Malware in sbrugna...

EUVD-2006-7168

Malware in sbrugna...

EUVD-2014-9284

Malware in sbrugna...

EUVD-2025-8261

Malicious code in bioql PyPI...

CVE-2021-32683

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...

CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI=alladminusers call...

CVE-2019-9106

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...

CVE-2006-7190

Cross-site scripting XSS vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc...

CVE-2006-7189

Cross-site scripting XSS vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer...

CVE-2025-30073

An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee card...

OPC cardsystems Webapp Aufwertung 安全漏洞

OPC cardsystems Webapp Aufwertung is a billing system from OPC cardsystems, Inc. A security vulnerability exists in OPC cardsystems Webapp Aufwertung version 2.1.0 that stems from a transaction reference that can be reused, potentially resulting in an improper transfer of funds...

CVE-2022-24799

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

CVE-2024-54083

Summary (CVE-2024-54083) Mattermost Server contains an issue where the code fails to properly validate the type of callProps. This allows a user to trigger a client-side Denial of Service on webapp and mobile users within specific channels by sending a specially crafted post. Affected versions in...

Yoga Class Registration System v1.0 - Multiple SQLi

Exploit Title: Yoga Class Registration System v1.0 - Multiple SQLi Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Software...

CVE-2022-29168 Cross Site Scripting in Wire Messages

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...