18 matches found
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2025-32942
SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic...
CVE-2025-32942
SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic...
CVE-2025-46732
OpenCTI prior to 6.6.6 is affected by an IDOR in GraphQL mutations NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation. An authenticated user can read, modify, or delete another user’s notifications if they know the notification UUID; changing read status m...
Lychee path traversal vulnerability
Lychee is a beautiful and easy to use photo management system open-sourced by The Lychee Organisation. It is used to manage and share photos. A path traversal vulnerability exists in Lychee versions prior to 6.6.6 through 6.6.10, which stems from path traversal and could lead to local file...
Apereo CAS vulnerable to credential leaks for LDAP authentication
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...
[SECURITY] Fedora 38 Update: kernel-6.6.6-100.fc38
The kernel meta package...
[SECURITY] Fedora 39 Update: kernel-6.6.6-200.fc39
The kernel meta package...
Authentication flaw
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...
CVE-2016-15023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this...
Path traversal
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this...
PT-2023-10342 · Unknown · Sitefusion Application Server
Name of the Vulnerable Software and Affected Versions: SiteFusion Application Server versions up to 6.6.6 Description: A problematic issue was found in the file getextension.php of the Extension Handler component, leading to path traversal. The estimated number of potentially affected devices...
GHSA-J346-H5WC-RW2M Incorrect Authorization in Apache Solr
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all...
GSD-2022-1000008 faker.js 6.6.6 is broken and the developer has wiped the original GitHub repo
faker.js had its version updated to 6.6.6 in NPM which reports it as having 2,571 dependent packages that rely upon it and the GitHub repo has been wiped of content. This appears to have been done intentionally as the repo only has a single commit so it was likely deleted, recreated and a singl...
aaPanel 6.6.6 Privilege Escalation
Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...
CVE-2020-14421
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...
PT-2020-13996 · Aapanel · Aapanel
Name of the Vulnerable Software and Affected Versions: aaPanel versions 6.6.6 and earlier Description: The issue allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. This can be done by exploiting the vulnerability in the Script...
XSS Vulnerability in Code Block Macro
h3. Summary There appears to be an XSS vulnerability when using the powershell syntax from within the Confluence Code Block Macro h3. Environment Confluence 6.6.6 h3. Steps to Reproduce Create a test page add macros code block select language=powershell enter...