78 matches found
CVE-2026-7201
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...
CVE-2026-7201
creationtimestamp | type | source
---|---|---
2026-06-03 01:00:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mndvujfwwn2r
2026-06-04 19:37:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mniepotnt52e
2026-06-05 10:19:13+00:00 | seen | ...
CVE-2026-7201 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...
MiracleLinux 7 : firefox-38.5.0-3.0.1.el7.AXS7 (AXSA:2015-966:04)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-966:04 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...
RockyLinux 9 : corosync (RLSA-2025:7201)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7201 advisory. corosync: Stack buffer overflow from 'orf_token_endian_convert' (CVE-2025-30472) Tenable has extracted the preceding description block directly from the RockyLinux...
MAL-2025-7201 Malicious code in @crabas0npm/commodi-expedita-amet (npm)
The package @crabas0npm/commodi-expedita-amet was found to contain malicious code...
CVE-2023-7201
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)...
CVE-2018-7201
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel...
CVE-2008-7201
Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap...
CVE-2024-7201
creationtimestamp | type | source
---|---|---
2024-07-29 06:15:18+00:00 | seen | https://t.me/cvedetector/1794...
CVE-2024-7201
The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...
CVE-2024-7201 Simopro Technology WinMatrix3 Web package - SQL Injection
The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...
CVE-2023-7201 Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)...
CVE-2023-7201
CVE-2023-7201 affects the Everest Backup WordPress plugin (versions prior to 2.2.5). The flaw allows high-privilege users (e.g., admin) to upload arbitrary files due to improper validation, including in multisite setups. Red Hat and CVE sources corroborate the same description. Remediation: upgra...
WordPress Everest Backup Plugin < 2.2.5 is vulnerable to Arbitrary File Upload
Software: Everest Backup; Type: Plugin; Vulnerable versions: 2.2.5; Fixed in: 2.2.5; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-7201; Patch priority: Low; CVSS severity: Low 9.1; PSID: e4434e41add7; Credits: Emad; Required privilege: Administrator; Publish...
RHCOS 4 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487, CVE-2023-39325) - golang:...
Malicious code in wlwz-2312-7201 (npm)
Source: ghsa-malware 7b2a12072c7d0115cea54d40893e9ff1d8434df287859edd2cd1c69e1c3dac19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-819 Malicious code in wlwz-2312-7201 (npm)
Source: ghsa-malware 7b2a12072c7d0115cea54d40893e9ff1d8434df287859edd2cd1c69e1c3dac19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Information disclosure
Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive information disclosure...
CVE-2023-38332
Summary: Zoho ManageEngine ADManager Plus up to version 7.2 Build 7201 contains an unauthorized access vulnerability that could allow an authenticated user to take over another user’s account via sensitive information disclosure. Root cause / impact: improper access control enabling account takeo...