45 matches found

Positive Technologies
added 2026/05/27 12:0 a.m., 10 views

PT-2026-44092

Name of the Vulnerable Software and Affected Versions: weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin versions prior to 2.1.3. Description: The plugin fails to properly escape a user-supplied parameter before reflecting it into an...

AI score: 5.5, EPSS: 0.00215
Exploits: 0, References: 2

Packet Storm
added 2026/02/04 12:0 a.m., 125 views

NCR Command Center Agent 16.3 Remote Command Execution

Proof of concept exploit for a remote command execution vulnerability in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. The vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML document to...

CVSS: 10, AI score: 9, EPSS: 0.87383
Exploits: 3

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 9 : podman-4.9.4-3.el9 (AXSA:2024-8089:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8089:04 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

CVSS: 8.6, AI score: 6.8, EPSS: 0.01262
Exploits: 0, References: 3

Metasploit
added 2025/10/30 6:54 p.m., 478 views

NCR Command Center Agent Remote Code Execution

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. The...

CVSS: 10, AI score: 8.1, EPSS: 0.87383
Exploits: 3

Packet Storm
added 2025/10/30 12:0 a.m., 205 views

NCR Command Center Agent 16.3 Remote Code Execution

CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...

CVSS: 10, AI score: 7.5, EPSS: 0.87383
Exploits: 3

Circl
added 2025/08/16 7:5 a.m., 5 views

CVE-2025-8089

creationtimestamp | type | source
---|---|---
2025-08-16 07:05:56+00:00 | seen | Telegram/XOeZnnwtog5Xm0eJTP7Usf2xMEM4HAKoGUZyiYXKdryGv8w...

CVSS: 5.4, AI score: 4.8, EPSS: 0.00222
Exploits: 0

Cvelist
added 2025/08/16 6:39 a.m., 8 views

CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS: 5.4, EPSS: 0.00222
Exploits: 0, References: 3

Patchstack
added 2025/08/16 2:11 a.m., 5 views

WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Advanced iFrame versions <= 2025.6...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00222
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/22 4:50 p.m., 4 views

CVE-2020-8089

Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the grouplist page...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00552
Exploits: 1, References: 1

Circl
added 2024/08/23 2:54 a.m., 4 views

CVE-2024-8089

creationtimestamp | type | source
---|---|---
2024-08-23 02:54:45+00:00 | seen | https://t.me/cvedetector/3972...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00697
Exploits: 1, References: 1

Cvelist
added 2024/08/22 11:31 p.m., 33 views

CVE-2024-8089 SourceCodester E-Commerce System controller.php unrestricted upload

A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack...

CVSS: 6.5, EPSS: 0.00697
Exploits: 1, References: 5

Vulnrichment
added 2024/08/22 11:31 p.m., 18 views

CVE-2024-8089 SourceCodester E-Commerce System controller.php unrestricted upload

A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00697
Exploits: 1, References: 5

CNNVD
added 2023/04/26 12:0 a.m., 4 views

FreePBX Security Vulnerability

FreePBX, formerly known as Asterisk Management Portal, is a set of tools from the FreePBX project for configuring Asterisk, an IP telephony system, via a web-based graphical user interface (GUI). A security vulnerability exists in FreePBX that stems from the addition of the AMPDBUSER, AMPDBPASS, AMPMGRUSER,...

CVSS: 8.1, AI score: 7.6, EPSS: 0.00649
Exploits: 0, References: 4

OpenVAS
added 2023/03/08 12:0 a.m., 132 views

Debian: Security Advisory (DLA-251-1)

The remote host is missing an update for the Debian...

CVSS: 9.8, AI score: 8.2, EPSS: 0.02802
Exploits: 2, References: 2

OpenVAS
added 2022/01/28 12:0 a.m., 26 views

Mageia: Security Advisory (MGASA-2014-0434)

The remote host is missing an update for the...

CVSS: 9.8, AI score: 9.6, EPSS: 0.0255
Exploits: 1, References: 7

OSV
added 2021/02/07 8:15 p.m., 5 views

CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...

CVSS: 9.8, AI score: 7.5, EPSS: 0.87383
Exploits: 3, References: 3

Prion
added 2021/02/07 8:15 p.m., 18 views

Design/Logic Flaw

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...

CVSS: 10, AI score: 9.7, EPSS: 0.87383
Exploits: 3, References: 3, Affected Software: 1

Positive Technologies
added 2021/02/07 12:0 a.m., 7 views

PT-2021-19204

Name of the Vulnerable Software and Affected Versions: NCR Command Center Agent version 16.3. Description: The issue allows for the remote, unauthenticated execution of an arbitrary command as SYSTEM. This is achieved by submitting a runCommand parameter within an XML document sent to port 8089. The...

CVSS: 10, AI score: 9.5, EPSS: 0.87383
Exploits: 3, References: 13

VulnCheck KEV
added 2021/02/07 12:0 a.m., 4 views

VulnCheck KEV: CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...

CVSS: 10, AI score: 7.6, EPSS: 0.87383
Exploits: 3, References: 1

CNNVD
added 2021/02/07 12:0 a.m., 8 views

NCR Command Center Agent Operating System Command Injection Vulnerability

NCR Aloha Essentials is mobile-POS-enabled hardware from NCR USA. It provides an end-to-end restaurant management platform. A security vulnerability exists in the CMCAgent in NCR Command Center Agent 16.3, which originates from allowing submission of the runCommand parameter in an XML document...

CVSS: 10, AI score: 7.5, EPSS: 0.87383
Exploits: 3, References: 4