12 matches found

EUVD
added 2026/05/28 3:27 a.m. · 6 views

EUVD-2026-32701

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API, or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3 CVSS · 5.7 AI score · 0.00028 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-11148

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.00092 EPSS
Exploits 0 · References 2
Redos
added 2025/01/10 12:0 a.m. · 15 views

ROS-20250110-05

The vulnerability of the Zabbix universal monitoring system server is related to the use of uncontrolled format strings when processing HttpRequest objects. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain...

9.1 CVSS · 9.2 AI score · 0.00841 EPSS
Exploits 0
Positive Technologies
added 2024/12/16 12:0 a.m. · 3 views

PT-2024-36303 · WordPress · Wp-Hidethat

Name of the Vulnerable Software and Affected Versions: WP-HideThat versions 1.2 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentiall...

7.1 CVSS · 6.8 AI score · 0.00105 EPSS
Exploits 0 · References 3
CVE
added 2024/03/26 2:16 p.m. · 47 views

CVE-2023-41972

The CVE-2023-41972 issue affects Zscaler Client Connector/Win ZApp where a password-type validation is missing in the Revert Password check, and in some features this check could be disabled. Connected sources confirm vulnerable versions are prior to 4.3.0.121 and that the fixed version is 4.3.0....

7.8 CVSS · 7.3 AI score · 0.00078 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/02/09 8:15 p.m. · 9 views

Design/Logic Flaw

An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled...

5 CVSS · 5.3 AI score · 0.00323 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2022/10/14 12:0 a.m. · 1 views

OpenHarmony Security Vulnerability

OpenHarmony is an open source project of the OpenAtom Foundation in China for a kind of Hongmeng operating system. A security vulnerability exists in OpenHarmony v3.1.2 and earlier versions, which stems from a lack of proper privilege validation in the parameter service of its boot subsystem that...

8.4 CVSS · 7.4 AI score · 0.0005 EPSS
Exploits 0 · References 2
Cvelist
added 2020/02/14 2:50 p.m. · 18 views

CVE-2020-7251 ESConfig Tool able to edit configuration for newer version

Improper access control vulnerability in Configuration Tool in McAfee Endpoint Security (ENS) prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS...

5 CVSS · 5.4 AI score · 0.00121 EPSS
Exploits 0 · References 1
OpenVAS
added 2011/09/12 12:0 a.m. · 11 views

MYRE Real Estate Software 'findagent.php' Cross Site Scripting and SQL Injection Vulnerabilities

MYRE Real Estate Software is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.7 AI score
Exploits 0 · References 2
OpenVAS
added 2009/03/13 12:0 a.m. · 19 views

phpCommunity2 Multiple Vulnerabilities (Mar 2009) - Active Check

phpCommunity2 is prone to multiple input validation vulnerabilities, including multiple directory traversal issues and SQL-injection issues, and a cross-site scripting issue. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

6.8 CVSS · 6 AI score · 0.00484 EPSS
Exploits 0 · References 1
OpenVAS
added 2009/02/04 12:0 a.m. · 21 views

Microsoft Internet Explorer Clickjacking Vulnerability

This host has installed Internet Explorer and is prone to clickjacking vulnerability OpenVAS Vulnerability Test $Id: gbmsieclickjackingvuln.nasl 6527 2017-07-05 05:56:34Z cfischer $ Microsoft Internet Explorer Clickjacking Vulnerability Authors: Sharath S Copyright: Copyright c 2009 Greenbone...

4.3 CVSS · 6.7 AI score · 0.20705 EPSS
Exploits 0 · References 1
OpenVAS
added 2009/01/19 12:0 a.m. · 25 views

Apple Safari RSS Feed Information Disclosure Vulnerability

The host is running Apple Safari web browser which is prone to remote file access vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafariinfodiscvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Apple Safari RSS Feed Information Disclosure Vulnerability Authors: Nikita MR Copyright: Copyright c...

7.1 CVSS · 6.3 AI score · 0.00623 EPSS
Exploits 0 · References 3