CVE-2026-41147
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...
CVE-2023-43816
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution...
EUVD-2018-2919
Malware in sbrugna...
EUVD-2023-47907
Malicious code in bioql PyPI...
CVE-2025-55171 WeGIA Anonymous Attacker can Delete Arbitrary Image file at endpoint `/html/personalizacao_remover.php`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint `/html/personalizacao_remover.php`, allowing an anonymous attacker without login to delete any Image files at endpoin...
CVE-2024-3279
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of...
CVE-2024-23615
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root...
Symantec Messaging Gateway Security Vulnerability
Symantec Messaging Gateway is a suite of spam filters from Symantec USA. The product features anti-spam, anti-virus, advanced content filtering, and data leakage protection. A security vulnerability exists in Symantec Messaging Gateway version 9.5 and earlier. A remote anonymous attacker can...
PT-2024-1418 · Delta Electronics · Ispsoft
Name of the Vulnerable Software and Affected Versions: Delta Electronics ISPSoft affected versions not specified Description: A heap buffer-overflow exists in Delta Electronics ISPSoft, allowing an anonymous attacker to exploit this issue by enticing a user to open a specially crafted DVP file,...
CVE-2023-40145
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device...
CVE-2023-38584 Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin commandwb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...
Weintek cMT Buffer Error Vulnerability
Weintek cMT is a human machine interface application from Weintek. A security vulnerability exists in the Weintek cMT3000 HMI Web CGI, which stems from the fact that cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypa...
PT-2023-6284 · Weintek · Cmt3000 Hmi Web Cgi
Name of the Vulnerable Software and Affected Versions: Weintek cMT3000 HMI Web CGI affected versions not specified Description: The issue is related to a stack-based buffer overflow in the cgi-bin codesys.cgi of Weintek's cMT3000 HMI Web CGI device. This could allow an anonymous attacker to hijac...
Proofpoint Insider Threat Management Trust Management Issues Vulnerabilities
Proofpoint Insider Threat Management (Proofpoint ITM) is an insider threat management system from Proofpoint (USA). A trust management issue vulnerability exists in Proofpoint Insider Threat Management versions prior to 7.14.3.69, which stems from an incorrect authentication verification vulnerabilit...
CVE-2023-41367
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s...
CVE-2023-36002
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected...
Authorization
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected...
grafana: CSRF vulnerability can lead to privilege escalation
A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for...
Atlassian Jira Cross-Site Scripting Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage various types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center versions prior to 8.20.8, which stems from its...
CVE-2020-10655
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The...