131 matches found
EUVD-2021-32715
Malicious code in bioql PyPI...
EUVD-2021-28217
Malicious code in bioql PyPI...
CVE-2025-41039
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2025-41045
appRain CMF 4.0.5 contains a stored authenticated XSS flaw due to improper validation of input in data[sconfig][ethical_licensekey] at /apprain/admin/config/ethical. Impact is client-side script execution in victims’ browsers; no fixed version is listed. Remediation is not provided in the sources...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2024-39923
An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...
CVE-2024-39923
An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...
CVE-2024-39923
An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...
PT-2025-34609 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04 through 23.04.7 Mahara versions 24.04 through 24.04.2 Description: An issue exists in Mahara where the About, Contact, and Help footer links are susceptible to Cross Site Scripting XSS due to insufficient input...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
Cisco ISE 3.0 - Authorization Bypass
Exploit Title: Cisco ISE 3.0 - Authorization Bypass Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Authorization Bypass CVE: CVE-2025-20125 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...
CVE-2025-46123
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint /admin/conf.jsp writes the Wi-Fi guest password to memory with snprintf using the attacker-supplied...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
CVE-2023-21848
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
CVE-2020-35126
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...
CVE-2017-15808
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...
OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020
Provides OAuth2 server functionality based on the oauth2-server-php library. The module does not consistently enforce admin configurations allowing users on a disabled server to still authenticate...
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminconfig.php?action=save&varid=32 does not adequately verify whether the request is from a trusted user , an...
Vulnerabilities fixed in Cisco Expressway
Cisco has fixed vulnerabilities in Expressway. A malicious party could exploit the vulnerabilities to perform a Cross-Site-Request-forgery to execute on the Web-based management interface. Such an attack can lead to execution of arbitrary commands in the victim's context. Because cannot be ruled...