151 matches found
Server-side Request Forgery (SSRF)
Overview: cisco-ai-skill-scanner is a security scanner for Agent Skills packages that detects prompt injection, data exfiltration, and malicious code. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to its APIs binding to 0.0.0.0. If the API server is enabled, ...
CVE-2010-0523
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet...
CVE-2016-10955
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking...
CVE-2022-0499
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...
CVE-2024-2340
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...
CVE-2025-1306
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...
CVE-2024-2125
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...
CVE-2025-13871
CVE-2025-13871 concerns CSRF in the Resource-Management feature of ObjectPlanet Opinio 7.26 rev12562. The vulnerability allows uploading files on behalf of authenticated users and subsequently accessing those files without authentication. Concrete details across connected sources confirm the affe...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' (Internal Dot) vulnerability (CVE-2025-24813).
Summary: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' (Internal Dot) vulnerability (CVE-2025-24813). Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details: CVEID: CVE-2025-24813 DESCRIPTION: Path...
TencentOS Server 3: tomcat (TSSA-2025:0225)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0225 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Apache OFBiz Security Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a suite of Java-based web application components and tools. A security vulnerability exists in Apache OFBiz versions prior to 24.09.03 that stems from allowing the uploa...
EUVD-2020-18386
Malware in sbrugna...
EUVD-2004-1542
Malware in sbrugna...
EUVD-2008-6911
Malware in sbrugna...
EUVD-2018-11477
Malware in sbrugna...
EUVD-2021-11130
Malware in sbrugna...
EUVD-2017-15165
Malware in sbrugna...
EUVD-2016-6924
Malware in sbrugna...
EUVD-2012-5496
Malware in sbrugna...
EUVD-2018-21594
Malware in sbrugna...