19 matches found
CVE-2026-20189
Cisco Prime Infrastructure contains an information disclosure vulnerability in the log file download functionality. The issue arises from insufficient authorization checks on the download service API. An attacker with valid credentials to the web interface can craft a URL request to download arbi...
CVE-2026-2042
Nagios Host monitoringwizard Command Injection (CVE-2026-2042) affects Nagios Host installations. The flaw is in the monitoringwizard module where a user-supplied string is not properly validated before being used in a system call, allowing an attacker to execute arbitrary code with the service a...
DRUPAL-CONTRIB-2026-007
This module enables you to turn a Drupal install into the Central Authentication System (CAS). It makes your database the primary location for other systems to use for authentication in an SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...
CVE-2025-59901
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...
CVE-2026-0784
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0796
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
EUVD-2025-204967
Deciso OPNsense diagbackup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...
CVE-2025-61788
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, Paella would include and render some user-input metadata (title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to...
CVE-2025-9273
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
Exploit for Deserialization of Untrusted Data in Cisco Identity_Services_Engine
CVE-2025-20124 – Cisco ISE 3.0 Java Deserialization Remote Cod...
PT-2025-32552 · Unknown +1 · Zen Load Balancer +2
Name of the Vulnerable Software and Affected Versions: ZEN Load Balancer version 2.0; ZEN Load Balancer version 3.0-rc1. Description: ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection issue in the content2-2.cgi file. The filelog parameter is passed directly to an exec call...
cve
Vulnerability Title: Arbitrary File Read in QCMS Authenticate...
Vulnerabilities fixed in Splunk Enterprise
Splunk has fixed vulnerabilities in Splunk Enterprise. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or execute arbitrary code in the context of the application. For successful abuse, the malicious party must first be authenticated. Splunk has released...
Directus Cross-Site Scripting Vulnerability
Directus is a real-time API and application dashboard from Directus Open Source. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus version 10.13.0 that originates from allowing an authenticated external attacker to execute arbitrary JavaScript on t...
CVE-2023-44410
D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUsers...
CVE-2023-41225
D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...
CVE-2024-22165
In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted. The vulnerability requires an...
Vulnerabilities fixed in Atlassian Confluence
Atlassian has fixed vulnerabilities in Confluence. A malicious party could exploit the vulnerabilities to execute arbitrary code with application privileges and possibly thereby gain access to sensitive data. The malicious party needs prior authentication. Atlassia...
UBUNTU-CVE-2022-37155
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the oups parameter...