47 matches found
WebMO Job Manager Cross-Site Scripting Vulnerability
WebMO Job Manager is a core control panel for chemical computing software developed by WebMO Corporation. Version 20.0 of WebMO Job Manager contains a cross-site scripting vulnerability. The vulnerability stems from the search parameter, which is susceptible to cross-site scripting, potentiall...
CVE-2025-34441
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
CVE-2025-34440
AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks...
CVE-2025-34436
AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks...
CVE-2025-34437 AVideo < 20.1 IDOR Arbitrary Comment Image Upload
AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...
CVE-2025-34434
CVE-2025-34434 affects AVideo versions prior to 20.1 with the ImageGallery plugin enabled. The vulnerability arises from image gallery endpoints that fail to enforce authentication and ownership checks, enabling unauthenticated actors to upload or delete images for any video. Red Hat and NVD entr...
CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Image Caption Hover Pro versions 20.0...
EUVD-2020-17597
Malware in sbrugna...
Trend Micro Deep Security Link Following Vulnerability
Trend Micro Deep Security is a server deep security protection system client from Trend Micro. A security vulnerability exists in Trend Micro Deep Security version 20.0 that stems from a link following issue in the anti-malware component that could lead to elevated privileges...
Azure File Sync Agent v20.0 Release – February 2025 (KB5041884)
Update Rollup for Azure File Sync agent version 20.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
CVE-2025-21156
InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-12728
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 20.0.3...
Adobe Dreamweaver 20.0 < 21.0 Privilege Escalation (APSB20-55) (macOS)
The version of Adobe Dreamweaver installed on the remote macOS host is prior to 21.0. It is, therefore, affected by a vulnerability as referenced in the APSB20-55 advisory. - Dreamweaver version 20.2 and earlier is affected by an uncontrolled search path element vulnerability that could lead to...
CVE-2024-41708
An issue discovered in AdaCore adawebservices 20.0 allows an attacker to escalate privileges and steal sessions via the RandomString function in the src/core/aws-utils.adb module...
CVE-2024-37015
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS connections to external services are established without proper hostname validation. This is exploitable by man-in-the-middle attackers...
Ada Web Server Security Vulnerability
Ada Web Server (AWS) is a complete open-source framework from AdaCore for developing web-based applications in Ada. A security vulnerability exists in Ada Web Server version 20.0 that stems from the fact that the SSL/TLS used to establish a connection to an external service is not properly hostname...
Improper access control
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...
Trend Micro Deep Security Security Vulnerabilities
Trend Micro Deep Security is a server deep security system client from Trend Micro. A security vulnerability exists in Trend Micro Deep Security version 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. It could allow a local attacker to elevate privileges on an affected...
PT-2023-26613 · Follett · Follett Destiny
Name of the Vulnerable Software and Affected Versions: Follett Learning Solutions Destiny versions through 20.0 1U Description: A Cross-Site Scripting (XSS) issue exists, allowing exploitation via the "handlewpesearchform.do" endpoint, specifically through the searchString variable. Recommendations:...