๐จ CVE-2025-70218
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
๐@cveNotify
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
๐@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70218 at main ยท akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
๐จ CVE-2025-70220
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
๐@cveNotify
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
๐@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70220 at main ยท akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
๐จ CVE-2025-70223
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
๐@cveNotify
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
๐@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70223 at main ยท akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
๐จ CVE-2025-70226
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
๐@cveNotify
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
๐@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70226 at main ยท akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
๐จ CVE-2025-70219
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot.
๐@cveNotify
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot.
๐@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70219 at main ยท akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
๐จ CVE-2025-70221
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.
๐@cveNotify
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.
๐@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70221 at main ยท akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
๐จ CVE-2022-36125
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
๐@cveNotify
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
๐@cveNotify
๐จ CVE-2021-40030
The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.
๐@cveNotify
The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.
๐@cveNotify
๐จ CVE-2021-40040
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.
๐@cveNotify
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.
๐@cveNotify
๐จ CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
๐@cveNotify
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
๐@cveNotify
๐จ CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
๐@cveNotify
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
๐@cveNotify
๐จ CVE-2022-30630
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
๐@cveNotify
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
๐@cveNotify
๐จ CVE-2024-52958
A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.
๐@cveNotify
A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.
๐@cveNotify
zuso.ai
ZUSO Generation ๅฆๆขญไธไปฃ
็บๅฐ็ฃๆฌๅๅฐๆฅญไน่ณ่จๅฎๅ
จๆๅๆฅญ่
๏ผๆๅๅ้ๅ
ทๅ่ถ
้ 10 ๅนดไปฅไธ้งญๅฎขๆปๆๆๆณๅ่ฑๅฏๅจ่
ๅๆ็ถๆญท๏ผๅฐ็บไผๆฅญ็ต็นๆไพๅฎข่ฃฝๅ่ณๅฎๆๅ่งฃๆฑบๆนๆกใ
๐จ CVE-2024-52959
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.
๐@cveNotify
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.
๐@cveNotify
zuso.ai
ZUSO Generation ๅฆๆขญไธไปฃ
็บๅฐ็ฃๆฌๅๅฐๆฅญไน่ณ่จๅฎๅ
จๆๅๆฅญ่
๏ผๆๅๅ้ๅ
ทๅ่ถ
้ 10 ๅนดไปฅไธ้งญๅฎขๆปๆๆๆณๅ่ฑๅฏๅจ่
ๅๆ็ถๆญท๏ผๅฐ็บไผๆฅญ็ต็นๆไพๅฎข่ฃฝๅ่ณๅฎๆๅ่งฃๆฑบๆนๆกใ
๐จ CVE-2026-28209
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.
๐@cveNotify
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.
๐@cveNotify
GitHub
Authenticated Command Injection leading to Remote Code Execution in FreePBX Text-to-Speech integration with ElevenLabs
### Summary
A command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the `recordings` module.
**Authentication with a known username is requi...
A command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the `recordings` module.
**Authentication with a known username is requi...
๐จ CVE-2026-28210
FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.
๐@cveNotify
FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.
๐@cveNotify
GitHub
Authenticated SQL Injection in CDR (Call Data Record) Reports
### Summary
FreePBX module [cdr](https://github.com/FreePBX/cdr) (Call Data Record) is vulnerable to SQL query injection.
**Authentication with a known username is required.**
### Details
T...
FreePBX module [cdr](https://github.com/FreePBX/cdr) (Call Data Record) is vulnerable to SQL query injection.
**Authentication with a known username is required.**
### Details
T...
๐จ CVE-2026-28284
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
๐@cveNotify
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
๐@cveNotify
GitHub
Authenticated SQL Injection Vulnerabilities in Logfiles Module
### Summary
The FreePBX `logfiles` module contains several authenticated SQL injection vulnerabilities.
**Authentication with a known username is required.**
### Details
Vulnerabilities exi...
The FreePBX `logfiles` module contains several authenticated SQL injection vulnerabilities.
**Authentication with a known username is required.**
### Details
Vulnerabilities exi...
๐จ CVE-2021-31869
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.
๐@cveNotify
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.
๐@cveNotify
Rapid7
Multiple Open Source Web App Vulnerabilities Fixed | Rapid7 Blog
๐จ CVE-2020-24932
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
๐@cveNotify
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
๐@cveNotify
Exploit Database
Complaint Management System 1.0 - 'cid' SQL Injection
Complaint Management System 1.0 - 'cid' SQL Injection.. webapps exploit for PHP platform
๐จ CVE-2021-25042
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin
๐@cveNotify
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin
๐@cveNotify
WPScan
WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS
See details on WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS CVE 2021-25042. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
๐@cveNotify
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
๐@cveNotify