
53 matches found

Packet Storm News
added 2026/03/27 12:0 a.m. | 2 views

strongSwan CVE-2026-25075 Vulnerability Assessment Tool

This tool allows you to safely detect whether a strongSwan VPN server is vulnerable to CVE-2026-25075 without causing any disruption. CVE-2026-25075 is an integer underflow vulnerability in strongSwan's EAP-TTLS plugin that allows remote, unauthenticated attackers to crash the IKE daemon through ...

8.7 CVSS | 5.9 AI score | 0.00248 EPSS
Exploits: 2

ATTACKERKB
added 2026/03/18 2:30 p.m. | 1 views

CVE-2026-32609

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

7.5 CVSS | 5.8 AI score | 0.00082 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/02/03 6:6 p.m. | 28 views

CVE-2026-25484 Craft Commerce has Stored XSS in Product Type Name

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input source is in Commerce Product Type setting...

4.8 CVSS | 0.00019 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2025/09/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-46088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution RCE. Any user with the Zabbix Admin role is able to run custom shell script on the...

7.2 CVSS | 7.2 AI score | 0.02966 EPSS
Exploits: 1 | References: 2

Veeam
added 2024/02/06 12:0 a.m. | 36 views

Veeam Recovery Orchestrator Vulnerability ( CVE-2024-22021 |  CVE-2024-22022 )

Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program VDP for all Veeam products and perform extensive internal code audits. When a vulnerability is...

8.8 CVSS | 7.5 AI score | 0.00746 EPSS
Exploits: 0 | Affected Software: 1

Oracle linux
added 2022/09/15 12:0 a.m. | 42 views

nodejs:14 security and bug fix update

nodejs 1:14.20.0-2 - Replace with macros with RPM confitionals - Unify configure calls into single command - Refactor bootstrap-related parts - Decouple dependency bundling from bootstrapping - Resolves: RHBZ2111417 1:14.20.0-1 - Rebase to latest version - Resolves: RHBZ2106367 - CVE fixes for...

8.1 CVSS | 0.8 AI score | 0.86472 EPSS
Exploits: 3

CNVD
added 2020/12/25 12:0 a.m. | 1 views

2345 Security Guard suffers from a local power lifting vulnerability

2345 Security Guard is the security software of Shanghai 2-3-4-5 Network Technology Co. 2345 Security Guard has a local access vulnerability, which can be exploited by an attacker to gain control of the server...

7.3 AI score
Exploits: 0

Packet Storm
added 2020/11/16 12:0 a.m. | 841 views

Cisco 7937G Denial Of Service / Privilege Escalation

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os...

0.9 AI score
Exploits: 0

0day.today
added 2020/11/16 12:0 a.m. | 27 views

Cisco 7937G - DoS/Privilege Escalation Exploit

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os def mainargv:...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/11/16 12:0 a.m. | 744 views

Cisco 7937G - DoS/Privilege Escalation

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os...

7.4 AI score
Exploits: 0

CNVD
added 2020/08/13 12:0 a.m. | 3 views

Cisco 7937G Denial of Service Vulnerability

The Cisco 7937G is an online conferencing endpoint device from Cisco USA. A security vulnerability exists in the Cisco 7937G versions 1-4-4-0 through 1-4-5-7. An attacker could exploit the vulnerability to cause a denial of service...

7.8 CVSS | 6.7 AI score | 0.87566 EPSS
Exploits: 6 | References: 1

OSV
added 2020/08/12 9:15 p.m. | 2 views

CVE-2020-16139

A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better...

7.5 CVSS | 7.1 AI score | 0.87566 EPSS
Exploits: 5 | References: 3

CNVD
added 2020/08/12 12:0 a.m. | 2 views

Cisco 7937G Input Validation Error Vulnerability

The Cisco 7937G is an online conferencing endpoint device from Cisco USA. A security vulnerability exists in the Cisco 7937G versions 1-4-4-0 through 1-4-5-7. An attacker could exploit the vulnerability to cause a denial of service...

7.8 CVSS | 6.7 AI score | 0.74683 EPSS
Exploits: 5 | References: 1

Packet Storm
added 2020/08/10 12:0 a.m. | 205 views

Cisco 7937G Privilege Escalation

Exploit Title: Cisco 7937G Prvilege Escalation MSF Module Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: ', 'type': 'cve', 'ref': '2020-', 'type': 'edb', 'ref': '' , 'type': 'singlescanner', 'options': 'rhost': 'type': 'address', 'description': 'Target...

0.7 AI score | 0.73245 EPSS
Exploits: 4

Positive Technologies
added 2020/08/10 12:0 a.m. | 3 views

PT-2020-14769 · Cisco · Cisco Unified Ip Conference Station 7937G

Name of the Vulnerable Software and Affected Versions: Cisco Unified IP Conference Station 7937G versions 1-4-4-0 through 1-4-5-7 Description: A privilege escalation issue allows attackers to reset the credentials for the SSH administrative console to arbitrary values. The product is end of life...

9.8 CVSS | 7.7 AI score | 0.73245 EPSS
Exploits: 4 | References: 12

Openbugbounty
added 2018/11/30 7:54 p.m. | 18 views

4-5-mei.nl XSS vulnerability

Open Bug Bounty ID: OBB-705756 Description| Value ---|--- Affected Website:| 4-5-mei.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden until...

Exploits: 0

Packet Storm
added 2017/04/19 12:0 a.m. | 92 views

Squirrelmail 1.4.22 Remote Code Execution

Advisory ID: SGMA17-001 Title: Squirrelmail Remote Code Execution Product: Squirrelmail Version: 1.4.22 and probably prior Vendor: squirrelmail.org Type: Command Injection Risk level: 4 / 5 Credit: [email protected] CVE: CVE-2017-7692 Vendor notification: 2017-04-04 Vendor fix:...

8.8 AI score | 0.15603 EPSS
Exploits: 7

Tenable Nessus
added 2014/10/01 12:0 a.m. | 32 views

RHEL 5 / 6 : Red Hat JBoss Enterprise Application Platform 5.2.0 (RHSA-2014:1321)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1321 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with...

5.8 CVSS | 6.6 AI score | 0.01368 EPSS
Exploits: 1 | References: 7

Tenable Nessus
added 2013/07/12 12:0 a.m. | 26 views

Oracle Linux 5 / 6 : cyrus-imapd (ELSA-2011-0859)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0859 advisory. 2.3.16-6.2 - do not use strict aliasing 2.3.16-6.1 - fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability Tenable has extracted the precedi...

5.1 CVSS | 5.6 AI score | 0.04867 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2011/11/09 12:0 a.m. | 27 views

RHEL 6 : firefox (RHSA-2011:1437)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1437 advisory. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the w...

9.3 CVSS | 8.8 AI score | 0.01271 EPSS
Exploits: 0 | References: 10