CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
@cveNotify
CVE-2022-30630
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
CVE-2024-52958
An improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via the upload plugin function.
zuso.ai
ZUSO Generation 如梭世代
CVE-2024-52959
An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to execute arbitrary system commands via a DLL file.
CVE-2026-28209
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.
GitHub
Authenticated Command Injection leading to Remote Code Execution in FreePBX Text-to-Speech integration with ElevenLabs
### Summary
A command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the `recordings` module.
**Authentication with a known username is requi...
CVE-2026-28210
FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.
GitHub
Authenticated SQL Injection in CDR (Call Data Record) Reports
### Summary
FreePBX module [cdr](https://github.com/FreePBX/cdr) (Call Data Record) is vulnerable to SQL query injection.
**Authentication with a known username is required.**
### Details
T...
CVE-2026-28284
FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
GitHub
Authenticated SQL Injection Vulnerabilities in Logfiles Module
### Summary
The FreePBX `logfiles` module contains several authenticated SQL injection vulnerabilities.
**Authentication with a known username is required.**
### Details
Vulnerabilities exi...
CVE-2021-31869
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.
Rapid7
Multiple Open Source Web App Vulnerabilities Fixed | Rapid7 Blog
CVE-2020-24932
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
Exploit Database
Complaint Management System 1.0 - 'cid' SQL Injection
Complaint Management System 1.0 - 'cid' SQL Injection. webapps exploit for PHP platform
CVE-2021-25042
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged-in user do it via a CSRF attack, and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged-in admins.
WPScan
WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS
See details on WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS CVE 2021-25042. View the latest Plugin Vulnerabilities on WPScan.
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
CVE-2022-2719
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
CVE-2022-30629
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
CVE-2022-32148
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
CVE-2022-37007
The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect availability.
CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, raising the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
CVE-2025-66607
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04.
CVE-2025-66608
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04.
CVE-2025-66594
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04.
CVE-2025-66595
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an attacker, the user's account could be compromised. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04.
CVE-2025-66596
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04.