14 matches found
CVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36065 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...
CVE-2022-36065
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2020-36065
Cross Site Request Forgery CSRF vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...
CVE-2020-36065
Cross Site Request Forgery CSRF vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...
CVE-2020-36065
CVE-2020-36065 (FlyCms 1.0) describes a CSRF vulnerability in the FlyCms 1.0 platform that lets an attacker add arbitrary administrator accounts via the endpoint at system/admin/admin_save. The root cause is a CSRF weakness in the admin creation flow, enabling privilege escalation. Reported impac...
CVE-2022-36065
creationtimestamp| type| source ---|---|--- 2022-09-07 00:13:43+00:00| seen| https://t.me/cibsecurity/49392...
CVE-2022-36065
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2022-36065
GrowthBook (self-hosted) prior to 2022-08-29 is affected by an account creation and arbitrary file-upload vulnerability that can lead to remote code execution if a Python script is uploaded to an arbitrary directory inside the container. Exploitation requires all of: self-hosted deployment (Growt...
CVE-2021-36065 Adobe Photoshop Heap-Based Buffer Overflow Could Lead To Arbitrary Code Execution
Adobe Photoshop versions 21.2.10 and earlier and 22.4.3 and earlier are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...
CVE-2021-36065
Adobe Photoshop with CVE-2021-36065 (and CVE-2021-36066) is affected by a heap-based buffer overflow and an out-of-bounds write in versions 21.2.10 and earlier, and 22.4.3 and earlier. The root causes are memory corruption vulnerabilities that could allow arbitrary code execution in the context o...
Adobe Photoshop 21.x < 21.2.11 / 22.x < 22.5 Multiple Vulnerabilities (macOS APSB21-68)
The version of Adobe Photoshop installed on the remote macOS or Mac OS X host is prior to 21.2.11/22.5. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-68 advisory. - Adobe Photoshop versions 21.2.10 and earlier and 22.4.3 and earlier are affected by an...
WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2019-36065)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...