CVE-2021-47903

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

EUVD-2026-3644

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVE-2026-20055

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise Packaged CCE and Cisco Unified Contact Center Enterprise Unified CCE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-base...

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

EUVD-2026-2748

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

PT-2026-3070

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This...

EUVD-2026-2838

Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

CVE-2022-50916

CVE-2022-50916 affects e107 CMS v3.2.1. A file upload vulnerability in the Media Manager import functionality allows authenticated administrators to override server files by manipulating the upload URL parameter, potentially overwriting files like top.php in the web application directory. Publicl...

CVE-2022-50907 e107 CMS v3.2.1 - Admin Upload Restriction Bypass + RCE

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution...

CVE-2025-59922

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an...

CVE-2025-59922

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an...

CVE-2025-59922

CVE-2025-59922 affects Fortinet FortiClientEMS with an SQL injection due to improper neutralization of special elements in HTTP(S) requests. A authenticated attacker with at least read-only admin permissions can exploit crafted requests to execute unauthorized SQL code/commands. Affected versions...

CVE-2025-59922

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an...

CVE-2026-0507

SAP NetWeaver Application Server for ABAP and SAP NetWeaver RFCSDK are affected by an OS Command Injection vulnerability (CVE-2026-0507). An authenticated admin with adjacent network access could upload specially crafted content; if processed, it enables arbitrary OS command execution, potentiall...

CVE-2026-0504

CVE-2026-0504 affects SAP Identity Management REST interface. The issue arises from insufficient input handling that allows an authenticated administrator to send crafted REST requests processed by JNDI operations without proper input neutralization. According to multiple sources, this can lead t...

PT-2026-2218

Name of the Vulnerable Software and Affected Versions Ghost versions 5.90.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in the /ghost/api/admin/members/events API endpoint permits authenticated Admin API users to execute...

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...