web — Vulnerabilities & Security Advisories 28

All 28 CVE vulnerabilities found in web, with AI-generated Chinese analysis, references, and POCs.

Vendor: uTorrent

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33405 | Pi-hole has a Stored HTML Injection in queries.js | CWE-79 | 3.1 | Low | 2026-04-06 |
| CVE-2026-33406 | Pi-hole has a Stored HTML attribute injection | CWE-79 | 5.4 | Medium | 2026-04-06 |
| CVE-2026-33404 | Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard | CWE-79 | 3.4 | Low | 2026-04-06 |
| CVE-2026-33403 | Pi-hole has a Reflected XSS / HTML injection in taillog.js | CWE-79 | 6.1 | Medium | 2026-04-06 |
| CVE-2026-33765 | Pi-hole Web Interface has a Command Injection Vulnerability | CWE-78 | 9.8 | - | 2026-03-27 |
| CVE-2026-26953 | Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table | CWE-20 | 5.4 | Medium | 2026-02-19 |
| CVE-2026-26952 | Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute | CWE-20 | 5.4 | Medium | 2026-02-19 |
| CVE-2025-55064 | Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | CWE-79 | 4.8 | Medium | 2025-12-29 |
| CVE-2025-55063 | Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | CWE-79 | 4.8 | Medium | 2025-12-29 |
| CVE-2025-55062 | Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | CWE-79 | 4.8 | Medium | 2025-12-29 |
| CVE-2025-55061 | Priority - CWE-434 Unrestricted Upload of File with Dangerous Type | CWE-434 | 8.8 | High | 2025-12-29 |
| CVE-2025-55060 | Priority - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | CWE-601 | 6.1 | Medium | 2025-12-29 |
| CVE-2025-59151 | Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection | CWE-93 | 8.2 | High | 2025-10-27 |
| CVE-2025-53533 | Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-32785 | Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field) | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-6791 | Second order SQL injection available to user with low privilege | CWE-89 | 8.8 | High | 2025-08-22 |
| CVE-2025-4650 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page | CWE-89 | 7.2 | High | 2025-08-22 |
| CVE-2025-8744 | CesiumLab Web lodmodels sql injection | CWE-89 | 7.3 | High | 2025-08-08 |
| CVE-2025-8220 | Engeman Web Password Recovery RecoveryPass sql injection | CWE-89 | 7.3 | High | 2025-07-27 |
| CVE-2025-34087 | Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution | CWE-78 | 7.2 (AI) | High (AI) | 2025-07-03 |
| CVE-2025-4649 | ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. | CWE-755 | 4.9 | Medium | 2025-05-13 |
| CVE-2025-4648 | A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. | CWE-434 | 8.4 | High | 2025-05-13 |
| CVE-2025-4647 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG | CWE-79 | 8.4 | High | 2025-05-13 |
| CVE-2025-4646 | A high privilege user is able to create and use a valid admin API token in centreon-web | CWE-863 | 7.2 | High | 2025-05-13 |
| CVE-2022-4730 | Graphite Web Absolute Time Range cross site scripting | CWE-707 | 3.5 | Low | 2022-12-24 |
| CVE-2022-4729 | Graphite Web Template Name cross site scripting | CWE-707 | 3.5 | Low | 2022-12-24 |
| CVE-2022-4728 | Graphite Web Cookie cross site scripting | CWE-707 | 3.5 | Low | 2022-12-24 |
| CVE-2018-25040 | uTorrent Web HTTP RPC Server privileges management | CWE-269 | 6.3 | Medium | 2022-06-17 |

All 28 known CVE vulnerabilities affecting web with full Chinese analysis, references, and POCs where available.