1303 matches found

OSV, added 2026/02/10 4:16 p.m., 6 views

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

CVSS 7.2, AI score 6, EPSS 0.01365
Exploits 0, References 1
Cvelist, added 2026/02/10 3:39 p.m., 25 views

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

CVSS 6.7, EPSS 0.01365
Exploits 0, References 1
CVE, added 2026/02/10 3:39 p.m., 30 views

CVE-2025-64157

CVE-2025-64157 affects Fortinet FortiOS versions 7.0–7.6.4 (and 7.4.x, 7.2.x, 7.6.x ranges as listed) where an authenticated administrator can trigger unauthorized code execution via specifically crafted configuration due to an externally-controlled format string. Multiple connected sources (Fort...

CVSS 7.2, AI score 5.8, EPSS 0.01365
Exploits 0, References 2, Affected Software 1
CVE, added 2026/02/10 3:3 a.m., 13 views

CVE-2026-24312

SAP Business Workflow suffers a privilege-escalation flaw caused by an erroneous authorization check. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to perform unauthorized high-privilege actions. This primarily impacts d...

CVSS 5.2, AI score 5.6, EPSS 0.0017
Exploits 0, References 2, Affected Software 1
Cvelist, added 2026/02/10 3:2 a.m., 28 views

CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVSS 3.4, EPSS 0.00164
Exploits 0, References 2
Github Security Blog, added 2026/02/10 12:29 a.m., 16 views

FUXA Affected by a Path Traversal Sanitization Bypass

Summary: A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directorie...

CVSS 8.6, AI score 7.5, EPSS 0.01216
Exploits 0, References 7, Affected Software 1
Positive Technologies, added 2026/02/10 12:0 a.m., 7 views

PT-2026-7276

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0 through 7.2.11; Fortinet FortiOS versions 7.4.0 through 7.4.9; Fortinet FortiOS versions 7.6.0 through 7.6.4. Description: An issue exists in Fortinet FortiOS where a use of externally-controlled format string can all...

CVSS 7.2, AI score 5.6, EPSS 0.01365
Exploits 0, References 3
Tenable Nessus, added 2026/02/10 12:0 a.m., 12 views

Fortinet Fortigate Format String in CAPWAP fast-failover mode (FG-IR-25-795)

The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-795 advisory. - A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through...

CVSS 7.2, AI score 5.9, EPSS 0.01365
Exploits 0, References 2
ATTACKERKB, added 2026/02/09 10:24 p.m., 4 views

CVE-2026-25951

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an...

CVSS 8.6, AI score 5.9, EPSS 0.01216
Exploits 0, References 4, Affected Software 1
OSV, added 2026/02/09 8:36 p.m., 9 views

GHSA-7JX7-3846-M7W7 Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

Relationship to Previously Patched Vulnerability: This vulnerability is in addition to the RCE vulnerability patched in GHSA-255j-qw47-wjh5. That advisory addressed a similar RCE vulnerability that affected two specific routes: - /index.php?p=admin%2Factions%2Ffields%2Fapply-layout-element-setting...

CVSS 8.6, AI score 6.3, EPSS 0.0097
Exploits 1, References 6
GithubExploit, added 2026/02/06 9:47 p.m., 206 views

Exploit for CVE-2025-67435

CVE-2025-67435. Researcher: Chowdhury Faizal Ahammed...

AI score 7.3
Exploits 2
Vulnrichment, added 2026/02/05 4:13 p.m., 3 views

CVE-2020-37117 jizhiCMS 1.6.7 - Arbitrary File Download

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...

CVSS 8.8, AI score 5.6, EPSS 0.00687
Exploits 1, References 3
ATTACKERKB, added 2026/02/04 8:40 p.m., 5 views

CVE-2026-25511

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...

CVSS 8.2, AI score 5.4, EPSS 0.00396
Exploits 1, References 3, Affected Software 1
CVE, added 2026/02/04 5:36 p.m., 40 views

CVE-2026-21893

Summary of CVE-2026-21893 (n8n): A command injection vulnerability existed in n8n’s community package installation functionality from versions 0.187.0 up to before 1.120.3, allowing authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under cert...

CVSS 9.4, AI score 5.8, EPSS 0.01343
Exploits 0, References 2, Affected Software 1
EUVD, added 2026/02/04 5:36 p.m., 5 views

EUVD-2026-5369

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system...

CVSS 9.4, AI score 5.8, EPSS 0.01343
Exploits 0, References 2
CVE, added 2026/02/04 8:25 a.m., 13 views

CVE-2026-1370

The CVE describes a time-based SQL Injection in the SIBS WooCommerce payment gateway plugin for WordPress (versions

CVSS 4.9, AI score 5.8, EPSS 0.00333
Exploits 0, References 2
Cvelist, added 2026/02/04 8:25 a.m., 29 views

CVE-2026-1370 SIBS - WooCommerce <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter

The SIBS WooCommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the 'referencedId' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 4.9, EPSS 0.00333
Exploits 0, References 2
Nuclei, added 2026/02/04 7:0 a.m., 8 views

Microweber CMS 2.0 - Reflected XSS in Admin Page Creation

Reflected Cross-Site Scripting (XSS) exists in Microweber CMS 2.0 through the layout parameter on the /admin/page/create page. It allows arbitrary JavaScript to execute in the context of authenticated admin users. id: CVE-2025-51502 info: name: Microweber CMS 2.0 - Reflected XSS in Admin Page...

CVSS 6.1, AI score 5.9, EPSS 0.00714
Exploits 1, References 2
Positive Technologies, added 2026/02/04 12:0 a.m., 12 views

PT-2026-6025

Name of the Vulnerable Software and Affected Versions: Ercom Cryptobox, affected versions not specified. Description: The Ercom Cryptobox administration console contains flaws that permit an authenticated entity administrator, possessing sufficient knowledge, to escalate their privileges to global...

CVSS 7, AI score 5.5, EPSS 0.00238
Exploits 0, References 3
OSV, added 2026/02/03 11:16 p.m., 4 views

CVE-2020-37084

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...

CVSS 7.2, AI score 6.6, EPSS 0.00814
Exploits 1, References 4