MinIO Browser API - Server-Side Request Forgery

MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...

Casdoor 1.13.0 - Unauthenticated SQL Injection

Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations. id: CVE-2022-24124 info: name: Casdoor 1.13.0 - Unauthenticated SQL Injection...

phpShowtime 2.0 - Directory Traversal

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via 1 the page parameter to ajax.php or 2 the id parameter to general/pandorahelp.php, and allow remote attackers to include and execute, create, modify, or...

Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr comjoomlaflickr component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1980 info: name: Joomla! Component...

NewStatPress <0.9.9 - Cross-Site Scripting

WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nspsearch.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php. id: CVE-2015-4063 info: nam...

Camtron CMNC-200 IP Camera - Directory Traversal

The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. id: CVE-2010-4231 info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high description: The CMNC-200 IP...

Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. dot dot in the 1 file parameter to document.php or 2 backtopage parameter in a create action to comm/action/fiche.php. id:...

nweb2fax <=0.2.7 - Local File Inclusion

nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the varfilename parameter submitted to viewrq.php. id: CVE-2008-6668 info: name: nweb2fax =0.2.7 - Local File Inclusion author: geeknik severity: medium description: nweb2fax...

Atlassian Confluence <5.8.17 - Information Disclosure

Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to 1 spaces/viewdefaultdecorator.action or 2 admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...

Joomla! Component Address Book 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the AddressBook comaddressbook component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1471 info: name: Joomla! Component Address Book 1.5.0 - Local File Inclusion...

Joomla! MooFAQ 1.0 - Local File Inclusion

Joomla! Ideal MooFAQ 1.0 via commoofaq allows remote attackers to read arbitrary files via a .. dot dot in the file parameter local file inclusion. id: CVE-2009-2015 info: name: Joomla! MooFAQ 1.0 - Local File Inclusion author: daffainfo severity: high description: Joomla! Ideal MooFAQ 1.0 via...

Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting

Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file. id: CVE-2018-19877 info: name: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting author: arafatansari severity: medium description: | Adiscon LogAnalyzer before 4.1.7...

WatchGuard Fireware AD Helper Component - Credentials Disclosure

WatchGuard Fireware Threat Detection and Response TDR service contains a credential-disclosure vulnerability in the AD Helper component that allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. id: CVE-2020-10532 info: name: WatchGuard Fireware ...

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlistsync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

D-Link DVG-N5402SP - Local File Inclusion

D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. dot dot in the errorpage parameter. id: CVE-2015-7245 info: name: D-Link DVG-N5402SP - Local File Inclusion author:...

Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass

Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in smartgooglecode.php does not check if the...

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)

A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F encoded dot dot sequences in the url parameter. id: CVE-2011-1669 info: name: WP Custom Pages 0.5.0.1 - Local File Inclusion LFI...

Aruba Airwave <8.2.3.1 - Cross-Site Scripting

Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting. id: CVE-2016-8527 info: name: Aruba Airwave 8.2.3.1 - Cross-Site Scripting author: pikpikcu severity: medium description: Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting...

CVE-2026-0155

CVE-2026-0155 describes an OOB read in ImsMediaBitReader::ReadByteBuffer caused by a missing bounds check. This leads to remote information disclosure without additional execution privileges and requires no user interaction. The CVSS 3.1 vector indicates Network access with low attack complexity ...