55 matches found

RedhatCVE
added 2026/01/09 10:9 a.m. · 5 views

CVE-2019-11536

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...

CVSS 10 · AI score 7 · EPSS 0.00385
Exploits: 0 · References: 1

Tenable Nessus
added 2025/12/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...

CVSS 6.8 · AI score 5.9 · EPSS 0.00037
Exploits: 0 · References: 2

Talos
added 2025/12/01 12:0 a.m. · 4 views

Socomec DIRIS Digiware M-70 Modbus TCP factory reset denial of service vulnerability

Talos Vulnerability Report TALOS-2024-2118 Socomec DIRIS Digiware M-70 Modbus TCP factory reset denial of service vulnerability December 1, 2025 CVE Number CVE-2024-49572 SUMMARY A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A...

CVSS 7.2 · AI score 7.2 · EPSS 0.0004
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-2912

Malware in sbrugna...

CVSS 4 · AI score 4.2 · EPSS 0.00418
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-3012

Malware in sbrugna...

CVSS 5.9 · AI score 6 · EPSS 0.06058
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-23774

Malware in sbrugna...

CVSS 7.7 · AI score 7.6 · EPSS 0.02255
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-12694

Malware in sbrugna...

CVSS 7.8 · AI score 7.5 · EPSS 0.0051
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-0765

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00047
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-23277

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00149
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-6845

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.00288
Exploits: 0 · References: 3

Metasploit
added 2025/05/29 6:52 p.m. · 304 views

PHP Exec, PHP Command Shell, Find Sock

Execute a PHP payload as an OS command from a Posix-compatible shell. Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless...

AI score 5.8
Exploits: 0

RedhatCVE
added 2025/05/22 5:48 p.m. · 6 views

CVE-2020-3657

Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVSS 10 · AI score 7.7 · EPSS 0.15553
Exploits: 0

Positive Technologies
added 2025/05/13 12:0 a.m. · 1 view

PT-2025-21143 · Schneider Electric · Modicon Controllers M241 +3

Name of the Vulnerable Software and Affected Versions: Modicon Controllers M241 / M251 versions prior to 5.3.12.48 Modicon Controllers M258 / LMC058 all versions Description: A vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates the...

CVSS 8.7 · AI score 6 · EPSS 0.00522
Exploits: 0 · References: 13

OSV
added 2024/05/31 9:15 p.m. · 0 views

UBUNTU-CVE-2024-34002

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVSS 6.5 · AI score 5.8 · EPSS 0.00445
Exploits: 0 · References: 3

NVD
added 2024/05/29 2:15 p.m. · 9 views

CVE-2024-25975

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...

CVSS 6.5 · AI score 6.5 · EPSS 0.00149
Exploits: 1 · References: 3

Vulnrichment
added 2024/05/29 1:13 p.m. · 28 views

CVE-2024-25975 Arbitrary File Overwrite

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...

AI score 6.8 · EPSS 0.00149
Exploits: 1 · References: 3

Vulnrichment
added 2024/03/18 9:7 p.m. · 12 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9 · AI score 6.9 · EPSS 0.05756
Exploits: 0 · References: 2

OSV
added 2022/09/21 4:15 p.m. · 1 view

CVE-2022-41227

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 1

OSV
added 2022/09/21 4:15 p.m. · 0 views

CVE-2022-41228

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2022/02/20 12:0 a.m. · 13 views

GHSA-X832-R2RJ-4G5P SSRF in Kitodo.Presentation

An issue was discovered in the Kitodo.Presentation (aka dlf) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...

CVSS 7.5 · AI score 7.5 · EPSS 0.00857
Exploits: 0 · References: 7