A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedS...

A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack...

A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument ...

A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulati...

A race condition was identified through which privilege escalation was possible in certain configurations.

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The pre...

Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt.

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted in...

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.

A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.

An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via u...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-92...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 all...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 al...

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 all...