1306 matches found
Jalios JPlatform SQL Injection Vulnerability
Jalios JPlatform is a digital workbench from Jalios, Inc. A SQL injection vulnerability exists in Jalios JPlatform 10 SP6 versions prior to 10.0.6, which stems from improper neutralization of special elements in SQL commands by the DB selector function, which could result in an authenticated...
CVE-2025-32358
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This coul...
Exploit for CVE-2025-32118
🚀 CVE-2025-32118 - WordPress CMP Plugin RCE Exploit 🔍 Title...
CVE-2025-32358
The CVE describes an SSRF flaw in Zammad 6.4.x prior to 6.4.2. Authenticated admin users can enable webhooks, which trigger POST requests; if a webhook endpoint replies with a redirect, Zammad follows it with an automatic GET, enabling potential access to internal resources (e.g., local network)....
WordPress Product Import Export for WooCommerce plugin <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability
Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability discovered by HayMiz in WordPress Plugin Product Import Export for WooCommerce versions <= 2.5.0...
WordPress Total Upkeep plugin <= 1.16.10 - Authenticated (Admin+) Command Injection vulnerability
Authenticated (Admin+) Command Injection vulnerability discovered by sterva in WordPress Plugin Total Upkeep versions <= 1.16.10...
WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability
Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability discovered by HayMiz in WordPress Plugin Order Export & Order Import for WooCommerce versions <= 2.6.0...
CVE-2025-0115
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly...
CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly...
CVE-2025-0115
CVE-2025-0115: A vulnerability in Palo Alto Networks PAN-OS allows an authenticated admin on the PAN-OS CLI to read arbitrary files. Exploitation requires network access to the management interface (web, SSH, console, or Telnet) and valid admin credentials. The issue does not affect Cloud NGFW o...
PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly...
Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.11 / 11.0.x < 11.0.6 / 11.1.x < 11.1.4-h17 / 11.2.x < 11.2.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h11 or 10.2.x prior to 10.2.11 or 11.0.x prior to 11.0.6 or 11.1.x prior to 11.1.4-h17 or 11.2.x prior to 11.2.3. It is, therefore, affected by a vulnerability. A vulnerability in the Palo Alto Networks...
PT-2025-11000 · WordPress · The Uncanny Automator – Easy Automation
Name of the Vulnerable Software and Affected Versions: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress versions up to, and including, 6.2 Description: The issue allows authenticated attackers with Administrator-level access and above t...
WordPress Uncanny Automator plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability
Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability discovered by Francesco Carlucci in WordPress Plugin Uncanny Automator versions <= 6.2...
WordPress BlogBuzzTime-for-wp plugin <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by siyuan shao in WordPress Plugin BlogBuzzTime for WP versions <= 1.1...
WordPress Post Meta Data Manager plugin <= 1.4.3 - Authenticated (Admin+) Multisite Privilege Escalation vulnerability
Authenticated (Admin+) Multisite Privilege Escalation vulnerability discovered by Francesco Carlucci in WordPress Plugin Post Meta Data Manager versions <= 1.4.3...
WordPress Moving Media Library plugin <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion vulnerability
Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion vulnerability discovered by omstaendlig in WordPress Plugin Moving Media Library versions <= 1.22...