38 matches found
CVE-2026-3519 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...
Progress LoadMaster Security Vulnerability
Progress LoadMaster is a high-performance application delivery controller (ADC) and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from unsanitized input for the addcountry command. This vulnerability could allow...
Progress LoadMaster Security Vulnerability
Progress LoadMaster is a high-performance application delivery controller (ADC) and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from unsanitized input for the aclcontrol command. This vulnerability could allow...
CVE-2023-49621
A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device...
CVE-2025-1393
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product...
EUVD-2019-3556
Malware in sbrugna...
EUVD-2015-5600
Malware in sbrugna...
EUVD-2015-7342
Malware in sbrugna...
EUVD-2022-50524
Malicious code in bioql PyPI...
CVE-2022-47767
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 included. This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300,...
CVE-2025-1393
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product...
CVE-2025-1393 Weidmueller: Authentication Vulnerability due to Hard-coded Credentials
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product...
CVE-2025-1393
CVE-2025-1393: An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product. Multiple connected sources confirm unauthenticated access with full admin rights; one listing ties the issue to Weidmueller PROCON-WIN versions prior to...
CVE-2025-1393 Weidmueller: Authentication Vulnerability due to Hard-coded Credentials
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product...
CVE-2025-1024
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...
CVE-2025-1024
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...
Git credentials are exposed in Atlantis logs
Summary: Atlantis logs contain GitHub credentials tokens ghs... when they are rotated. Thi...
CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against a Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation
A flaw was found in edk2. An integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data...
CVE-2022-47767
The CVE-2022-47767 issue affects Solar-Log Gateway devices running firmware v4.2.7 through v5.1.1, where a backdoor in the web dashboard allows remote login with super administrator privileges. The vulnerability is rooted in the gateway’s web panel security, enabling unauthenticated remote access...