103 matches found
CVE-2026-20141
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...
WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by savphill in WordPress Plugin WooCommerce versions <= 10.0.2...
EUVD-2022-38794
Malicious code in bioql PyPI...
EUVD-2022-3140
Malicious code in bioql PyPI...
EUVD-2022-52767
Malicious code in bioql PyPI...
EUVD-2025-10386
Malicious code in bioql PyPI...
s-cart security vulnerability
s-cart is a PHP-based e-commerce management platform from the s-cart community. A security vulnerability exists in s-cart 10.0.3 and earlier versions, which stems from insufficient validation of the User-Agent header and could lead to a stored cross-site scripting attack...
Linux Distros Unpatched Vulnerability : CVE-2022-35945
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
Linux Distros Unpatched Vulnerability : CVE-2022-31143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
Linux Distros Unpatched Vulnerability : CVE-2022-36112
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
Linux Distros Unpatched Vulnerability : CVE-2022-35946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
Linux Distros Unpatched Vulnerability : CVE-2019-19211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. CVE-2019-19211 Note that Nessus relies on the presence of...
Linux Distros Unpatched Vulnerability : CVE-2022-35947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
qemu-10.0.3-1.1 on GA media (moderate)
qemu-10.0.3-1.1 on GA media Announcement ID: openSUSE-SU-2025:15437-1 Rating: moderate Cross-References: CVE-2025-54566 CVSS scores: CVE-2025-54566 SUSE : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2025-54566 SUSE : 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N...
Linux Distros Unpatched Vulnerability : CVE-2025-54566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. CVE-2025-54566 Note that Nessus relies on the...
CVE-2025-32028
HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...
CVE-2025-32028 HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution
HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...
CVE-2025-32028
CVE-2025-32028 affects HAX CMS PHP. The issue lies in the save() function in HAXCMSFile.php, which blocks only a non-exhaustive list of file types (.php, .sh, .js, .css); the logic is described as fail-open, enabling insecure file uploads. This can lead to remote code execution as described acros...
CVE-2025-32028 HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution
HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...
Apache Traffic Server Access Control Error Vulnerability
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation in the United States. A security vulnerability exists in Apache Traffic Server versions 10.0.0 through 10.0.3, and no detailed vulnerability details are provided at this time...