79 matches found
MINI-2749-HP7H-JPFC
Bulletin has no description...
CVE-2026-2749
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-24 14:35:26+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mfmfa7owb324 |
| 2026-02-26 14:40:15+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mfrggn5ko524 |
| 2026-02-27 14:10:14+00:00 | seen | ... |
MiracleLinux 3 : dhcp-3.0.5-29.1.0.1.AXS3 (AXSA:2011-306:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-306:02 advisory. DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration...
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2025-2749
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-24 19:23:08+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8502 |
| 2025-03-24 22:35:06+00:00 | seen | https://t.me/cvedetector/20994 |
| 2025-03-24 22:39:53+00:00 | seen | ... |
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2025-2749
CVE-2025-2749 affects Kentico Xperience versions up to and including 13.0.178, where an authenticated Staging Sync Server can upload data to path-relative locations, causing path traversal and arbitrary file uploads that can lead to remote code execution. Root cause is authenticated path traversa...
CVE-2025-2749 Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2023-2749
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-09 21:15:20+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1069... |
CVE-2024-2749 VikBooking < 1.6.8 - Broken Access Control
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categorie...
CVE-2024-2749 VikBooking < 1.6.8 - Broken Access Control
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categorie...
Ubuntu 16.04 ESM : Drupal vulnerabilities (USN-4773-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4773-1 advisory. It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely...
SUSE SLES15 / openSUSE 15 Security Update : iniparser (SUSE-SU-2023:2749-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2749-1 advisory. - iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for functio...
CVE-2023-2749
Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected...
CVE-2023-2749 A Gain Information vulnerability was found on Download Center.
Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected...
CVE-2023-2749
CVE-2023-2749 affects ASUSTOR ADM 4.0+ Download Center, where improper validation of the user-submitted file path could allow an attacker to access sensitive files or directories without proper permissions. Affected versions include Download Center 1.1.5.r1280 and below. The public sources descri...
CVE-2022-2749
| creationtimestamp | type | source |
|---|---|---|
| 2022-08-11 12:31:57+00:00 | seen | https://t.me/cibsecurity/47934... |
CVE-2022-2749 SourceCodester Gym Management System unrestricted upload
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The...
CVE-2022-2749
CVE-2022-2749 affects SourceCodester Gym Management System. Affected component: /mygym/admin/index.php?view_exercises. Root cause: manipulation leads to unrestricted file upload. Impact: allows remote attacker to upload arbitrary files; described as critical with HIGH base score in NVD metrics. E...
Mageia: Security Advisory (MGASA-2015-0121)
The remote host is missing an update for the...