45 matches found
CVE-2026-11407
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...
EUVD-2026-32276
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
PT-2026-26442
Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 Description SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it contains an authenticated arbitrary fil...
EUVD-2016-6742
Malware in sbrugna...
EUVD-2016-0863
Malware in sbrugna...
EUVD-2019-0842
Malware in sbrugna...
EUVD-2023-32590
Malicious code in bioql PyPI...
📄 CloudClassroom-PHP-Project 1.0 SQL Injection
CloudClassroom-PHP-Project version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass. 🛡️ CVE Disclosure: CVE-2025-26198 — SQL Injection in CloudClassroom-PHP-Project Disclosure Date: 18 June 2025 CVE ID: CVE-2025-26198 Severity: CRITICAL CVSS 9.8 --- 🧩 Summary A...
CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
CISA, in partnership with the Federal Bureau of Investigation FBI, released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a...
CVE-2023-28972
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the...
CVE-2023-28972 Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the...
CVE-2023-28972
CVE-2023-28972 affects Juniper Networks Junos OS on NFX Series. The vulnerability is caused by an improper link resolution before file access in console port access, allowing an attacker with physical console access to bypass login controls and change the root password via set system root-authent...
PT-2023-22059 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.2R3-S7 Junos OS versions prior to 19.3R3-S8 Junos OS versions prior to 19.4R3-S12 Junos OS versions prior to 20.2R3-S8 Junos OS versions prior to 20.4R3-S7 Junos OS versions prior to 21.1R3-S5 Junos OS versions...
Design/Logic Flaw
A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention DLP module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain...
Design/Logic Flaw
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM Operations, Administration, and Maintenance volume, leading to...
CVE-2019-0035
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM Operations, Administration, and Maintenance volume, leading to...
CVE-2019-0035
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM Operations, Administration, and Maintenance volume, leading to...
CVE-2019-0035
CVE-2019-0035 describes an administrative bypass on Juniper Networks Junos OS. When the insecure console port setting is enabled, an attacker with physical access can change the root password on systems booted from an OAM volume using the command set system root-authentication plain-text-password...
PT-2019-2076 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 15.1 through 15.1F6-S12, 15.1R7-S3 Juniper Networks Junos OS versions 15.1X49 through 15.1X49-D160 Juniper Networks Junos OS versions 15.1X53 through 15.1X53-D236, 15.1X53-D496, 15.1X53-D68 Juniper Networks...
Ocomon 2.0 - SQL Injection
Exploit for php platform in category web applications Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql Injection Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6 Date: 2016.08.18 Exploit Author: Jonatas Fil a.k.a pwx Vendor Homepage: ninj4c0d3r.github.io Version:...