
67 matches found

RedhatCVE
added 2026/02/20 1:22 a.m. | 3 views

CVE-2025-12811

Improper Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 agent 6.0.1 or later. If you cannot upgrade to...

6.9 CVSS | 5.5 AI score | 0.0002 EPSS
Exploits: 0 | References: 1

NVD
added 2026/02/18 11:16 p.m. | 4 views

CVE-2025-12811

Improper Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 agent 6.0.1 or later. If you cannot upgrade to...

6.9 CVSS | 0.0002 EPSS
Exploits: 0 | References: 2

CVE
added 2026/02/18 10:8 p.m. | 6 views

CVE-2025-12811

CVE-2025-12811 affects Delinea Cloud Suite and Privileged Access Service with an HTTP Request Smuggling flaw (Improper Inconsistent Interpretation of HTTP Requests). The CVSS v4.0 base score is 6.9 (Medium) with network attack vector, low attack complexity, no privileges, and no user interaction ...

6.9 CVSS | 5.5 AI score | 0.0002 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/18 12:0 a.m. | 1 view

PT-2026-20542

Improper Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 agent 6.0.1 or later. If you cannot upgrade to...

6.9 CVSS | 5.5 AI score | 0.0002 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/12/18 12:34 a.m. | 0 views

EUVD-2023-60207

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

8.8 CVSS | 7.8 AI score | 0.00367 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2025/12/17 10:44 p.m. | 1 view

CVE-2023-53923 UliCMS 2023.1 Privilege Escalation via Unauthenticated Admin Account Creation

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with fu...

9.8 CVSS | 6.8 AI score | 0.00233 EPSS
Exploits: 1 | References: 3

CNNVD
added 2025/12/17 12:0 a.m. | 1 view

UliCMS cross-site scripting vulnerability

UliCMS is an open-source content management system (CMS) developed by UliCMS. The system supports features such as access control and WYSIWYG editing. A cross-site scripting vulnerability exists in UliCMS version 2023.1, which stems from the fact that an attacker can upload a malicious SVG file with embedded...

6.1 CVSS | 6 AI score | 0.00029 EPSS
Exploits: 1 | References: 5

CNNVD
added 2025/12/17 12:0 a.m. | 1 view

UliCMS security vulnerability

UliCMS is an open-source content management system (CMS) developed by UliCMS. The system supports features such as access control and WYSIWYG editing. A security vulnerability exists in UliCMS version 2023.1, which stems from an improper bulk assignment in UserController that could lead to authentication bypa...

9.8 CVSS | 6.8 AI score | 0.01248 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51962

Name of the Vulnerable Software and Affected Versions: UliCMS version 2023.1-sniffing-vicuna. Description: The software contains a remote code execution issue that allows authenticated attackers to upload PHP files with a .phar extension during profile avatar uploads. Attackers can execute code by...

8.8 CVSS | 8.1 AI score | 0.00367 EPSS
Exploits: 1 | References: 6

RedhatCVE
added 2025/10/10 8:22 p.m. | 1 view

CVE-2025-35062

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication, which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...

6.9 CVSS | 7.2 AI score | 0.0015 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/09 9:31 p.m. | 1 view

EUVD-2025-33574

Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabl...

6.9 CVSS | 6.7 AI score | 0.0015 EPSS
Exploits: 0 | References: 4

OSV
added 2025/10/09 9:15 p.m. | 0 views

CVE-2025-35062

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication, which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...

9.8 CVSS | 5.8 AI score | 0.0015 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/09 8:22 p.m. | 1 view

CVE-2025-35062 Newforma Info Exchange (NIX) default anonymous access

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication, which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...

6.9 CVSS | 6.9 AI score | 0.0015 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/09 8:22 p.m. | 4 views

CVE-2025-35062 Newforma Info Exchange (NIX) default anonymous access

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication, which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...

6.9 CVSS | 0.0015 EPSS
Exploits: 0 | References: 2

CVE
added 2025/10/09 8:22 p.m. | 8 views

CVE-2025-35062

Newforma Info Exchange (NIX) before version 2023.1 allows anonymous authentication by default, enabling an unauthenticated attacker to exploit additional vulnerabilities that require authentication. Related sources describe bypass and file-read/upload issues tied to authenticated access and the p...

9.8 CVSS | 6.9 AI score | 0.0015 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/10/09 12:0 a.m. | 1 view

PT-2025-41478

Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange (NIX) versions prior to 2023.1. Description: Newforma Info Exchange (NIX) versions prior to 2023.1, by default, permit anonymous authentication. This allows an unauthenticated attacker to exploit further issues that typically...

6.9 CVSS | 6.7 AI score | 0.0015 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2025/10/09 12:0 a.m. | 3 views

PT-2025-41469

Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange (NIX) versions prior to 2023.1. Description: Newforma Info Exchange (NIX) allows authenticated users to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges through requests to the...

6.9 CVSS | 6.7 AI score | 0.0015 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 3:12 a.m. | 1 view

CVE-2023-24592

Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8 CVSS | 7.1 AI score | 0.00148 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2024/06/13 4:15 p.m. | 1 view

CVE-2023-35860

A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php...

5.3 CVSS | 5.4 AI score | 0.02607 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/13 12:0 a.m. | 8 views

CVE-2023-35859

A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters...

5.7 AI score | 0.00362 EPSS
Exploits: 0 | References: 1