14 matches found
CVE-2026-26033
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...
CVE-2026-26033
The advisory concerns CVE-2026-26033 affecting UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The vulnerability is CWE-428 Unquoted Search Path/Element, allowing a user with write access to a system drive directory to execute arbitrary code with SYSTEM privileges. Affected component i...
CVE-2026-26033
creationtimestamp | type | source
---|---|---
2026-03-04 03:00:00+00:00 | seen | https://jvn.jp/en/jp/JVN56544509/
2026-03-05 06:15:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgc5j6gwfy2v...
CVE-2023-26033
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the search_history cookie is used as a...
CVE-2024-26033
creationtimestamp | type | source
---|---|---
2024-03-18 19:27:17+00:00 | seen | https://t.me/ctinow/210874...
CVE-2024-26033
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-26033
Adobe Experience Manager (AEM) versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The root cause is a stored XSS condition that could allow an attacker to inject malicious JavaScript, which may execute in a user’s browser when ...
CVE-2024-26033 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2023-26033 Gentoo soko contains DoS attack based on SQL Injection
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the search_history cookie is used as a...
CVE-2023-26033
Gentoo soko (packages.gentoo.org) is vulnerable to SQL injection in versions prior to 1.0.1, exploitable via the Recently Visited Packages search_history cookie. Attackers can alter the cookie (base64-encoded comma list of atoms) to inject SQL into atom = '%s' queries, potentially wiping or alter...
CVE-2021-26033 [20210502] - Core - CSRF in AJAX reordering endpoint
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...
Joomla! 3.x < 3.9.27 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...
CVE-2020-26033
creationtimestamp | type | source
---|---|---
2020-12-28 12:28:23+00:00 | seen | https://t.me/cibsecurity/21331...
CVE-2020-26033
CVE-2020-26033 affects Zammad prior to version 3.4.1, where the Tag and Link REST API endpoints (add and delete) do not perform CSRF token validation. Connected sources corroborate a CSRF vulnerability in the labeling/linking REST paths, with broader references noting fixes in newer releases (e.g...