52 matches found
CVE-2025-65837
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module...
PT-2025-52683
Name of the Vulnerable Software and Affected Versions: PublicCMS version 5.202506.b Description: PublicCMS version 5.202506.b has a Cross Site Scripting (XSS) issue in the Content Search module. The issue allows for the injection of malicious scripts through the Content Search functionality. The...
PublicCMS Security Vulnerability
PublicCMS is an open source content management system (CMS) written in Java language by PublicCMS China. A security vulnerability exists in PublicCMS version V5.202506.b. The vulnerability stems from the content search module being susceptible to cross-site scripting attacks...
CVE-2025-65837
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module. The connected documents consistently identify the vulnerable component as the Content Search feature and describe the root cause as an XSS vulnerability. Reported CVSS v3.1 base score is 5.4 (MEDIUM) w...
Adobe Experience Manager (AEM) CRX Search Endpoint Exposure
The remote Adobe Experience Manager (AEM) CRX search endpoint is accessible. These endpoints provide potential attackers with access to search functionalities, which could be exploited to discover sensitive internal resources. No source data...
EUVD-2018-11524
Malware in sbrugna...
SUSE CVE-2025-4981
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
The vulnerability of the Content Search module of the monitoring, analysis, and reporting software Zohocorp ManageEngine Exchange Reporter Plus allows a hacker to execute arbitrary code.
The vulnerability of the Content Search module in the monitoring, analysis, and reporting software Zohocorp ManageEngine Exchange Reporter Plus relates to the unlimited download of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2025-3835
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module...
CVE-2025-3835 Remote Code Execution
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module...
CVE-2025-3835
CVE-2025-3835 affects Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and earlier, with a Remote Code Execution vulnerability in the Content Search module. Public notes from multiple sources (NVD/Red Hat/Nessus entry) confirm the affected product and version range and describe RCE in t...
PT-2025-24419 · Zohocorp · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior Description: The issue concerns remote code execution in the Content Search module. It is related to the CWE-434 Unrestricted Upload of File with Dangerous Type. Remote code...
Google Eyes User Browsing Data Search in New Patent Filing
Tech giant Google may soon help users find content they've previously seen, not by searching the web but by scanning their own digital history...
BEC-ware the phish (part 1). Investigating incidents in M365
TL;DR Review the key artefacts to ensure the best possible telemetry is available in the case of a Business Email Compromise (BEC). Keep an eye on data retention, where necessary export or forward data for investigations longer than 30 days. Verify and enable Unified Audit Logging, it's free and giv...