| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file. |
| Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise. |
| A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results. |
| A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet. |
| A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. |
| In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. |
| In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number. |
| phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17. |
| Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication. |
| Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6
and 6.21.0, but they have not been released at the time of publication. |
| A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. |
| A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille V Travelers' Map travelers-map allows Stored XSS.This issue affects Travelers' Map: from n/a through <= 2.3.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through <= 2.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through <= 0.6. |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through <= 10.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: from n/a through <= 1.0.11. |
| Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access. |
| Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup. |
