
239 matches found

Cvelist
added last week | 27 views

CVE-2026-45551 Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...

CVSS 5.1 | EPSS 0.00048
Exploits 0 | References 1
CVE
added 2026/02/17 12:0 a.m. | 4 views

CVE-2025-67905

CVE-2025-67905 affects Malwarebytes AdwCleaner prior to v8.7.0. The issue: AdwCleaner runs with Administrator privileges and performs an insecure log file delete operation where the target path is user-controllable, enabling a non-admin user to escalate to SYSTEM via a symbolic link. Exploitation...

CVSS 8.7 | AI score 5.5 | EPSS 0.00013
Exploits 0 | References 2
OpenVAS
added 2026/01/07 12:0 a.m. | 1 views

phpMyFAQ XSS Vulnerability (GHSA-jv8r-hv7q-p6vc)

phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpmyfaq:phpmyfaq"...

CVSS 6.1 | AI score 6.3 | EPSS 0.00024
Exploits 0 | References 1
Packet Storm
added 2025/11/12 12:0 a.m. | 270 views

Windows Server Update Service Deserialization Remote Code Execution

This Metasploit module exploits a deserialization vulnerability in the legacy serialization mechanism in Windows Server Update Services (WSUS). The vulnerability allows an unauthenticated attacker to create a specially crafted event, which triggers an unsafe deserialization upon server...

CVSS 9.8 | AI score 9.7 | EPSS 0.72697
Exploits 24
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-11349

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.0021
Exploits 2 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-7785

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.04148
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-20873

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.4 | EPSS 0.0007
Exploits 0 | References 1
OSV
added 2025/07/09 9:15 p.m. | 2 views

CVE-2025-6377

A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threa...

CVSS 7.8 | AI score 6.2 | EPSS 0.0007
Exploits 0 | References 1
Vulnrichment
added 2025/07/09 8:13 p.m. | 3 views

CVE-2025-6376 Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability

A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threa...

CVSS 7.1 | AI score 7.9 | EPSS 0.0007
Exploits 0 | References 1
Vulnrichment
added 2025/07/09 8:12 p.m. | 3 views

CVE-2025-6377 Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability

A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threa...

CVSS 7.1 | AI score 7.9 | EPSS 0.0007
Exploits 0 | References 1
Cvelist
added 2025/07/09 8:12 p.m. | 4 views

CVE-2025-6377 Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability

A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threa...

CVSS 7.1 | EPSS 0.0007
Exploits 0 | References 1
CVE
added 2025/06/17 8:34 p.m. | 20 views

CVE-2025-48443

CVE-2025-48443 affects Trend Micro Password Manager (Consumer)

CVSS 6.7 | AI score 6.4 | EPSS 0.00077
Exploits 0 | References 2 | Affected Software 1
RedhatCVE
added 2025/05/22 7:22 p.m. | 4 views

CVE-2021-24508

The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feedlocator AJAX action available to both authenticated and unauthenticated users before outputting a truncated version of it in the admin dashboard, leading to an...

CVSS 6.1 | AI score 6 | EPSS 0.15849
Exploits 2 | References 1
RedhatCVE
added 2025/05/22 6:24 p.m. | 4 views

CVE-2021-24409

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator...

CVSS 6.1 | AI score 6.1 | EPSS 0.20316
Exploits 2 | References 1
Zero Day Initiative
added 2024/12/19 12:0 a.m. | 2 views

Tibbo Aggregate Network Manager UploaderTempFileController Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo Aggregate Network Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploaderTempFileController class. The issue results from the lack of...

CVSS 8.8 | AI score 7.5 | EPSS 0.00273
Exploits 0 | References 1
OSV
added 2024/11/22 8:15 p.m. | 0 views

CVE-2024-30376

Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged...

CVSS 7.3 | AI score 6.2
Exploits 0 | References 1
Positive Technologies
added 2024/06/13 12:0 a.m. | 2 views

PT-2024-23334

Name of the Vulnerable Software and Affected Versions: Famatech Advanced IP Scanner (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.3 | AI score 7.6 | EPSS 0.00028
Exploits 0 | References 5
NVD
added 2024/05/03 3:15 a.m. | 10 views

CVE-2023-39459

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in...

CVSS 7.8 | AI score 7.5 | EPSS 0.00341
Exploits 0 | References 2
CVE
added 2024/05/03 1:59 a.m. | 47 views

CVE-2023-39459

CVE-2023-39459 affects Triangle MicroWorks SCADA Data Gateway. The flaw is in the processing of workspace files where user-supplied paths are not properly validated before file operations, enabling a local attacker to create arbitrary files in the Administrator context by enticing a target to vis...

CVSS 7.8 | AI score 7.4 | EPSS 0.00341
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2024/05/03 1:59 a.m. | 11 views

CVE-2023-39459 Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in...

CVSS 7.8 | AI score 7.7 | EPSS 0.00341
Exploits 0 | References 2