24 matches found
Metasploit Wrap Up 05/22/2026
Another week, another authentication bypass Our humble Metasploit weeklyish blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/ciscosdwanvhubauthbypass module for CVE-2026-20182, a...
PT-2026-42074
Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The Read More & Accordion plugin for WordPress contains a time-based blind SQL Injection. This occurs because the orderby parameter is processed using esc attr and esc sql but is...
SQL Injection
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection via the BuiltinCaptcha process. An attacker can access sensitive data, modify or delete database records, and extract credential hashes by...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the static resource handler on Windows. An attacker can extract NTLMv2 credential hashes by accessing specially crafted remote paths, potentially leading to credential theft. Remediation Upgrade aioht...
CVE-2025-34331
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...
CVE-2025-34331
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...
CVE-2025-34331
CVE-2025-34331 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. The issue is an unauthenticated file read via the download.php endpoint, which lacks access control and lets remote, unauthenticated users request files based on attacker-supplied path/filename. T...
CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...
PT-2025-47480
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...
EUVD-2022-42519
Malicious code in bioql PyPI...
EUVD-2025-29035
Malicious code in bioql PyPI...
EUVD-2025-20763
Malicious code in bioql PyPI...
CVE-2025-42943
SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...
CVE-2025-42943 Information Disclosure in SAP GUI for Windows
SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...
CVE-2025-34084
An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep plugin also known as BoldGrid Backup prior to version 1.14.10. The plugin exposes multiple endpoints that allow unauthenticated users to retrieve detailed server configuration env-info.php and discover...
CVE-2025-34084
...
CVE-2022-3090
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...
Path traversal
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...
CVE-2022-3090
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...
CVE-2022-3090
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...