113 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component...
CVE-2026-5244
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
PT-2026-29692
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg tls recv cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has bee...
Cesanta Mongoose 数据伪造问题漏洞
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose prior to 7.20 contained a data manipulation vulnerability. This...
EUVD-2025-201506
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...
CVE-2025-14111 Rarlab RAR App com.rarlab.rar path traversal
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...
EUVD-2018-14243
Malware in sbrugna...
WordPress WP Import plugin 7.20-7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability
Authenticated Subscriber+ Remote Code Execution via Code Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions 7.20-7.28...
Atlassian Confluence 7.20.x < 8.5.9 Cross-Site Scripting
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1. It is, therefore, affected by a stored Cross-Site Scripting XSS vulnerability. Note that the scanner has not tested fo...
CVE-2024-4600
Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘setparam.cgi’ file...
CVE-2024-4601
CVE-2024-4601 affects Socomec Net Vision (version 7.20) and is described as an improper authentication vulnerability. The root cause is the use of five‑digit integer values, which enables a brute‑force attack to recover a valid session. Multiple connected records (CNVD/CNNVD/NVD variants) corrobo...
CVE-2024-4600 Cross-Site Request Forgery vulnerability in Socomec Net Vision
Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘setparam.cgi’ file...
Atlassian Confluence 7.20.x < 8.5.7 Path Traversal
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.20, 7.20.x prior to 8.5.7 or 8.6.x prior to 8.8.1 It is, therefore, affected by a path traversal vulnerability. Note that the scanner has not tested for these issues but...
WordPress W3SPEEDSTER Plugin <= 7.19 is vulnerable to Cross Site Request Forgery (CSRF)
Software W3SPEEDSTER Type Plugin Vulnerable versions = 7.19 Fixed in 7.20 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-24708 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 75264187b158 Credits Nguyen Xuan Chien...
ILIAS < 7.20 XSS Vulnerability
ILIAS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if...
Cross site request forgery (csrf)
SAP Solution Manager Diagnostics agent - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availabilit...
Design/Logic Flaw
SAP Solution Manager Diagnostics agent - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can...
CVE-2023-36925
The CVE-2023-36925 issue affects SAP Solution Manager (Diagnostics agent) v7.20, where insufficient validation of incoming requests allows an unauthenticated attacker to blindly make HTTP requests. This SSRF-style flaw can lead to a limited impact on confidentiality and availability of the SAP So...
CVE-2023-36487
The password reset function in ILIAS 7.0beta1 through 7.20 and 8.0beta1 through 8.1 allows remote attackers to take over the account...
PT-2023-25589 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions 7.0 beta1 through 7.20 ILIAS versions 8.0 beta1 through 8.1 Description: The password reset function allows remote attackers to take over the account. Recommendations: For ILIAS versions 7.0 beta1 through 7.20, consider disabli...