Через архив — к системе: в WinRAR нашли лазейку для атак
WinRAR позволял запускать код без защиты Windows.
Aggregator
Submit #549199: Tenda RX3 RX3 Firmware V16.03.13.11_multi Buffer Overflow [Accepted]
8 months 1 week ago
Submit #549199 / VDB-303329
syuvi
Submit #549186: PHPGurukul Old Age Home Management System 1.0 SQL Injection [Accepted]
8 months 1 week ago
Submit #549186 / VDB-303328
joke_umbrella
Submit #549152: SeaCMS 13.3 Path Traversal [Duplicate]
8 months 1 week ago
Submit #549152 / VDB-275607
badboy
Submit #549147: SeaCMS 13.3 arbitrary file read [Duplicate]
8 months 1 week ago
Submit #549147 / VDB-275607
badboy
Submit #549014: seaCMS 13.3 Arbitrary File Deletion [Duplicate]
8 months 1 week ago
Submit #549014 / VDB-275607
badboy
JVN: 複数のABB製品における複数の脆弱性
8 months 1 week ago
ABBが提供する複数の製品には、複数の脆弱性が存在します。
JVN: B&R製APROLにおける複数の脆弱性
8 months 1 week ago
B&Rが提供するAPROLには、複数の脆弱性が存在します。
Submit #549011: https://gitee.com/xujiangfei/admintwo admintwo 1.0 Cross-Site Request Forgery [Accepted]
8 months 1 week ago
Submit #549011 / VDB-303327
Caigo
Submit #549009: https://gitee.com/xujiangfei/admintwo admintwo 1.0 Horizontal privilege escalation vulnerability [Accepted]
8 months 1 week ago
Submit #549009 / VDB-303326
Caigo
Submit #548986: https://gitee.com/xujiangfei/admintwo admintwo 1.0 Improper Access Controls [Accepted]
8 months 1 week ago
Submit #548986 / VDB-303325
Caigo
Submit #548979: https://gitee.com/xujiangfei/admintwo admintwo 1.0 Server-Side Request Forgery (SSRF) [Accepted]
8 months 1 week ago
Submit #548979 / VDB-303324
Caigo
Submit #548978: https://gitee.com/xujiangfei/admintwo admintwo 1.0 Stored Cross-Site Scripting [Accepted]
8 months 1 week ago
Submit #548978 / VDB-303323
Caigo
Submit #548976: https://gitee.com/xujiangfei/admintwo admintwo 1.0 Stored Cross-Site Scripting [Accepted]
8 months 1 week ago
Submit #548976 / VDB-303322
Caigo
Submit #548971: https://gitee.com/xujiangfei/admintwo admintwo 1.0 Stored Cross-Site Scripting [Accepted]
8 months 1 week ago
Submit #548971 / VDB-303321
Caigo
CVE-2025-3249 | TOTOLINK A6000R 1.0.1-B20201211.2000 mtkwifi.lua apcli_cancel_wps command injection
8 months 1 week ago
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection.
This vulnerability is known as CVE-2025-3249. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #546132: eladmin v2.7 Mysql_JDBC arbitrary file reading vulnerability [Accepted]
8 months 1 week ago
Submit #546132 / VDB-303320
007y
RISC-V укусил x86: Китай больше не играет по правилам
8 months 1 week ago
«Сделано в Китае» теперь и в мозгах серверов.
CVE-2025-2159 | M-Files Admin prior 25.3.14681.7 on Windows Desktop UI cross site scripting
8 months 1 week ago
A vulnerability classified as problematic has been found in M-Files Admin on Windows. Affected is an unknown function of the component Desktop UI. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-2159. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-3087 | M-Files Web 25.1.14445.5/25.2.14524.4 cross site scripting
8 months 1 week ago
A vulnerability was found in M-Files Web 25.1.14445.5/25.2.14524.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-3087. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com