35 matches found
CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user...
CVE-2021-47699
Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
EUVD-2022-29766
Malicious code in bioql PyPI...
EUVD-2025-25727
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-25018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. CVE-2022-25018 Note that Nessus relie...
CVE-2025-57811
Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...
Craft CMS Potential Remote Code Execution via Twig SSTI
Note that users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-productio...
GHSA-CRCQ-738G-PQVC Craft CMS Potential Remote Code Execution via Twig SSTI
Note that users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment. https://craftcms.com/knowledge-base/securing-craftset-allowAdminChanges-to-false-in-productio...
CVE-2025-57811 Craft Potential Remote Code Execution via Twig SSTI
Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...
CVE-2025-57811
Craft CMS vulnerability CVE-2025-57811 is a remote code execution via Twig SSTI affecting Craft 4.x (4.0.0-RC1 through 4.16.5) and 5.x (5.0.0-RC1 through 5.8.6). The issue stems from Twig SSTI and is a follow-up to CVE-2024-52293. Affected versions are patched in Craft 4.16.6 and 5.8.7. If you ru...
PT-2025-34691 · Pixel & Tonic · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions 4.0.0-RC1 through 4.16.5; Craft versions 5.0.0-RC1 through 5.8.6. Description: Craft is a platform for creating digital experiences. A remote code execution issue exists due to Server-Side Template Injection (SSTI) in Twig...
WordPress ProfileGrid Plugin <= 5.8.7 is vulnerable to Broken Access Control
Software: ProfileGrid. Type: Plugin. Vulnerable versions: <= 5.8.7. Fixed in: 5.8.8. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2024-37453. Patch priority: Low. CVSS severity: Low (4.3). PSID: a60b5a00ba24. Credits: Manab Jyoti Dowarah. Required...
PT-2022-24315 · Ccm +1 · Ccm +1
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.7. Description: The issue is related to a cross-site scripting (XSS) vulnerability. It affects the ajax.php script in CCM 3.1.5. This vulnerability can be exploited, potentially allowing attackers to inject...
PluXml Cross-Site Scripting Vulnerability (CNVD-2022-73493)
PluXml is a content management system that does not require a database to work. A cross-site scripting vulnerability exists in PluXML version 5.8.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a payload in the thumbnail path of a blog post...
UBUNTU-CVE-2022-25020
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...
PluXML 5.8.7 Cross Site Scripting
Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "idcontent" Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://pluxml.org/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38603 + Exploit Source: !/usr/bin/python3 Author:...
CVE-2021-38602
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content...
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...