104 matches found
Exploit for Server-Side Request Forgery in Apache Axis
Axis1.4 CVE-2019-0227 Remote Command Execution Vulnerability E...
ai.pipestream:account-service (>=0.0.2 <=0.0.4), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.8) +435 more potentially affected by CVE-2026-33558 via org.apache.kafka:kafka-clients (=4.0.0)
org.apache.kafka:kafka-clients MAVEN version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.kafka:kafka-clients and may be impacted: - ai.pipestream:account-service =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.2.7, =0.1.7, =0.0.6,...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the AdminService/StreamWorkflowReplicationMessages endpoint. An attacker can access replication streams and exfiltrate data by connecting to the frontend gRPC server without providing...
CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...
CVE-2026-1680
Improper access control in the WCF endpoint in Edgemo now owned by Danoffice IT Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group...
CVE-2026-1680 Local Privilege Escalation in Local Admin Service
Improper access control in the WCF endpoint in Edgemo now owned by Danoffice IT Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group...
CVE-2026-1680
CVE-2026-1680 affects Edgemo (now Danoffice IT) Local Admin Service 1.2.7.23180 on Windows. The issue is an improper access control in the WCF endpoint, enabling a local user to escalate privileges to local administrator by directly communicating with the LocalAdminService.exe named pipe, bypassi...
PT-2026-5382
Improper access control in the WCF endpoint in Edgemo now owned by Danoffice IT Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group...
Danoffice IT Edgemo Local Admin Service has security vulnerabilities
Danoffice IT Edgemo Local Admin Service is a local administrator permission management tool provided by the Danish company Danoffice IT. Version 1.2.7.23180 of Danoffice IT Edgemo Local Admin Service contains a security vulnerability. This vulnerability stems from improper access control of WCF...
ai.pipestream:connector-admin-service (=0.1.18), ai.pipestream:pipestream-engine (=0.0.6) +39 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (>=1.0.0.Alpha10 <=4.1.6.Final)
org.hibernate.reactive:hibernate-reactive-core MAVEN version =1.0.0.Alpha10, =0.1.7, =0.0.10, =0.0.1, =1.0.0, =2.0.0, =0.4.3, =0.4.3, =0.0.1, =2.2.0.Alpha2, =3.6.0.Alpha1 and more Source cves: CVE-2025-14969 Source advisory: OSV:GHSA-FRPP-8PWQ-HJRX...
CVE-2025-1701
CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally...
CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...
CVE-2025-3125
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...
CVE-2025-3125
CVE-2025-3125 describes an arbitrary file upload vulnerability in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with administrative privileges can upload a malicious file to a user-controlled location on the serv...
CVE-2025-3125 Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...
PT-2025-45106
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An issue exists where improper input validation in the CarbonAppUploader admin service endpoint allows an authenticated attacker with administrative privileges to upload a malicious fil...
EUVD-2004-1825
Malware in sbrugna...