An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of W…

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `…

An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() funct…

Service Control vulnerabilities allow access to service restart requests and vm configuration s…

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged databas…

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavli…

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, …

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup…

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup…

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized c…

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functio…

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functio…

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionali…

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionali…

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup…

Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions…

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functio…

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionali…

Some API functions allow interaction with the registry, which includes reading values as well a…

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility …

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute …

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the …

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prio…

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gh…

Unauthenticated attackers can send configuration settings to device and possible perform physic…

A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the fol…

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that…

The security module has configuration defects.Successful exploitation of this vulnerability may…

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is ru…

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the d…

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment varia…

eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensi…

Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerab…

Information Disclosure vulnerabilities allow access to application configuration information.  …

A vulnerability exists by allowing low-privileged users to read and update the data in various…

Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerabili…

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0…

The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a mis…

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS…

Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and L…