EUVD-2026-23108
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions...
CVE-2026-33889
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color values prefixed with -- bypass TinyColor validation intended for CSS custom properties, and the...
CVE-2026-33888 ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
Security Advisory 0127
Security Advisory 0127. CSAF PDF. Date: November 18, 2025

Revision | Date | Changes
---|---|---
1.0 | November 18, 2025 | Initial release

The CVE-ID tracking this issue: CVE-2025-8873. CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVSSv4.0 Base Score: 8.7...
CVE-2019-19990
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Stored Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/sheadmodel.php and /vam/vamuser.php...
Selesta Visual Access Manager Cross-Site Scripting Vulnerability (CNVD-2020-14669)
Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A cross-site scripting vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can...
Selesta Visual Access Manager Buffer Overflow Vulnerability
Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A security vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29, which results from the program failing to check for parameters, destination paths, or extensions used to specify the name of t...
Selesta Visual Access Manager Directory Traversal Vulnerability
Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A security vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29. An attacker can exploit the vulnerability by sending arbitrary content to obtain the full path...
Selesta Visual Access Manager SQL Injection Vulnerability
Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A SQL injection vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29. An attacker can exploit the vulnerability by injecting the 'persoid' parameter into the /tools/VamPersonPhoto.php file to...
CVE-2019-19994
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows blind command injection. An attacker without authentication is able to execute arbitrary operating system commands by injecting into the vulnerable parameter of the PHP web page /common/vammonitorsap.php...
Design/Logic Flaw
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vameditXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the...
CVE-2019-19988
The CVE-2019-19988 issue affects Selesta Visual Access Manager (VAM) versions 4.15.0–4.29. An authenticated user can create and write arbitrary files on the filesystem via the web interface, by manipulating the file name, destination path, or extension in /common/vam_editXml.php. The vulnerable p...
Travel Portal Script 9.37 Cross Site Scripting / SQL Injection Vulnerabilities
Travel Portal Script version 9.37 suffers from cross-site scripting and remote SQL injection vulnerabilities.
Exploit Title: Travel Portal Script v9.37 - Multiple Vulnerabilities
Google Dork: -
Date: 23/02/2017
Exploit Author: Marc Castejon
Vendor Homepage:...
Itech B2B Script 4.29 - Multiple Vulnerabilities
Exploit Title: Itech scripts B2B Script v4.29 - Multiple Vulnerabilities
Google Dork: -
Date: 12/02/2017
Exploit Author: Marc Castejon
Vendor Homepage: http://itechscripts.com/b2b-script/
Software Link: http://b2b.itechscripts.com
Type: webapps
Platform: PHP
Version: 4.29
Software Price and De...
Siemens SIPROTEC 4/SIPROTEC Compact Authentication Bypass Vulnerability
SIPROTEC 4 and SIPROTEC Compact devices provide a wide range of centralized protection, control and automation functions for substations and other applications. An authentication bypass vulnerability exists in Siemens SIPROTEC 4, SIPROTEC Compact devices, versions prior to EN100 Ethernet 4.29. A...
stunnel security update
4.29-3 Resolves: CVE-2013-1762...