16 matches found
CVE-2026-4761
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. Installations based on Panorama Suite 2025 25.00.004 are vulnerable unless update...
CVE-2025-68399
ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting (XSS) vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to...
CVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node outside of the attacker's perimeter via an account with write permissions. This occurs because node IDs are predictable with incrementing numbers and the access control on...
SUSE CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages...
SUSE CVE-2021-3816
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php...
Best Practical Solutions Request Tracker Cross-Site Scripting Vulnerability
Best Practical Solutions Request Tracker (RT) is an enterprise-grade, open source issue tracking system from Best Practical Solutions in the United States. The system has bug tracking, customer service, customized workflow and other features. A cross-site scripting vulnerability exists in Best...
DEBIAN-CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages...
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages...
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages...
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages...
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages...
sudo privilege escalation
Under some conditions it's possible to execute code with group rights...
Debian Security Advisory DSA 1022-1 (storebackup)
The remote host is missing an update to storebackup announced via advisory DSA 1022-1. Several vulnerabilities have been discovered in the backup utility storebackup. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3146: Storebackup creates a temporary...
GLSA-200512-07 : OpenLDAP, Gauche: RUNPATH issues
The remote host is affected by the vulnerability described in GLSA-200512-07 (OpenLDAP, Gauche: RUNPATH issues). Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime. Impact: A local attacker, who is a member o...
Perl, Qt-UnixODBC, CMake: RUNPATH issues
Background: Perl is a stable, cross-platform programming language created by Larry Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform build environment. Description: Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtim...