Lucene search
K

45 matches found

NVD
NVD
added 2026/06/17 8:16 p.m.9 views

CVE-2026-11407

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...

8.6CVSS0.00623EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 3:33 p.m.14 views

EUVD-2026-32276

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS5.8AI score0.00662EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.11 views

PT-2026-26442

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 Description SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it contains an authenticated arbitrary fil...

2.7CVSS5.9AI score0.0023EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-6742

Malware in sbrugna...

8.1CVSS8.2AI score0.01223EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-0863

Malware in sbrugna...

7.5CVSS8.3AI score0.02406EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0842

Malware in sbrugna...

7.2CVSS6.5AI score0.00401EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-32590

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00363EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/06/25 12:0 a.m.198 views

📄 CloudClassroom-PHP-Project 1.0 SQL Injection

CloudClassroom-PHP-Project version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass. 🛡️ CVE Disclosure: CVE-2025-26198 — SQL Injection in CloudClassroom-PHP-Project Disclosure Date: 18 June 2025 CVE ID: CVE-2025-26198 Severity: CRITICAL CVSS 9.8 --- 🧩 Summary A...

9.8CVSS8.5AI score0.00572EPSS
Exploits4
CISA
CISA
added 2025/01/22 12:0 p.m.19 views

CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

CISA, in partnership with the Federal Bureau of Investigation FBI, released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a...

9.4CVSS8.3AI score0.98557EPSS
In wildExploits3References7
NVD
NVD
added 2023/04/17 10:15 p.m.26 views

CVE-2023-28972

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the...

6.8CVSS6.7AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/17 12:0 a.m.43 views

CVE-2023-28972 Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the...

6.8CVSS6.9AI score0.00363EPSS
Exploits0References1
CVE
CVE
added 2023/04/17 12:0 a.m.64 views

CVE-2023-28972

CVE-2023-28972 affects Juniper Networks Junos OS on NFX Series. The vulnerability is caused by an improper link resolution before file access in console port access, allowing an attacker with physical console access to bypass login controls and change the root password via set system root-authent...

6.8CVSS6.7AI score0.00363EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/17 12:0 a.m.5 views

PT-2023-22059 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.2R3-S7 Junos OS versions prior to 19.3R3-S8 Junos OS versions prior to 19.4R3-S12 Junos OS versions prior to 20.2R3-S8 Junos OS versions prior to 20.4R3-S7 Junos OS versions prior to 21.1R3-S5 Junos OS versions...

6.8CVSS6.5AI score0.00363EPSS
Exploits0References3
Prion
Prion
added 2022/10/10 9:15 p.m.19 views

Design/Logic Flaw

A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention DLP module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain...

4CVSS6.3AI score0.00158EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/04/10 8:29 p.m.17 views

Design/Logic Flaw

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM Operations, Administration, and Maintenance volume, leading to...

7.2CVSS6.7AI score0.00401EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/04/10 8:29 p.m.5 views

CVE-2019-0035

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM Operations, Administration, and Maintenance volume, leading to...

6.8CVSS5.8AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2019/04/10 8:29 p.m.20 views

CVE-2019-0035

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM Operations, Administration, and Maintenance volume, leading to...

7.2CVSS6.7AI score0.00401EPSS
Exploits0References1
CVE
CVE
added 2019/04/10 8:13 p.m.70 views

CVE-2019-0035

CVE-2019-0035 describes an administrative bypass on Juniper Networks Junos OS. When the insecure console port setting is enabled, an attacker with physical access can change the root password on systems booted from an OAM volume using the command set system root-authentication plain-text-password...

7.2CVSS6.7AI score0.00401EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/04/10 12:0 a.m.5 views

PT-2019-2076 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 15.1 through 15.1F6-S12, 15.1R7-S3 Juniper Networks Junos OS versions 15.1X49 through 15.1X49-D160 Juniper Networks Junos OS versions 15.1X53 through 15.1X53-D236, 15.1X53-D496, 15.1X53-D68 Juniper Networks...

7.2CVSS6.4AI score0.00401EPSS
Exploits0References6
0day.today
0day.today
added 2016/08/22 12:0 a.m.174 views

Ocomon 2.0 - SQL Injection

Exploit for php platform in category web applications Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql Injection Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6 Date: 2016.08.18 Exploit Author: Jonatas Fil a.k.a pwx Vendor Homepage: ninj4c0d3r.github.io Version:...

5CVSS6.7AI score0.01096EPSS
Exploits3
Rows per page
Query Builder