2419 matches found
CVE-2025-12490
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
CVE-2025-64180
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
PT-2025-45407
Name of the Vulnerable Software and Affected Versions ClipBucket versions 5.5.2-146 and below Description ClipBucket is a video sharing platform. A stored Cross-site Scripting XSS issue exists in the Manage Photos feature. An authenticated regular user can upload a photo with a malicious Photo...
CVE-2025-12490
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata...
CVE-2025-12490 Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata...
CVE-2025-12490 Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists within the Suricata...
CVE-2025-12490
The CVE-2025-12490 entry describes a path traversal in Netgate pfSense CE Suricata that allows remote creation of arbitrary files with root privileges. The root cause is inadequate validation of a user-supplied path before file operations within the Suricata package, requiring authentication to e...
CVE-2025-20376
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...
CVE-2025-20375
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...
CVE-2025-20377
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...
CVE-2025-20376
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...
CVE-2025-20376
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...
CVE-2025-12582 Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset
The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'featuresrevertoption AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-55343
Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txtdepecodi, busqueda/busqueda.php txtusuacodi, anexoslista.php raditemp, Administracion/listas/formAreaajax.php codDepe, Administracion/listas/formDepeHijoajax.php codDepe,...
PT-2025-45133
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...
CVE-2025-11724 EM Beer Manager <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload
The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBMAdminUntappdImportimage function and missing authorization checks on the...
Exploit for Server-generated Error Message Containing Sensitive Information in Squid-Cache Squid
CVE-2025-62168Squid Proxy Information Disclosure in Error hand...
EUVD-2025-37425
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...