37 matches found
CVE-2026-27760
OpenCATS vulnerability CVE-2026-27760 affects the installer AJAX endpoint. Prior to commit 3002a29, unauthenticated attackers could inject PHP via the databaseConnectivity action parameter, breaking out of the define() string context in config.php and injecting code that persists and runs on subs...
OpenCats code injection vulnerability
OpenCats is an open-source recruitment process management system developed by OpenCats. OpenCats has a code injection vulnerability, which stems from PHP code injection in the AJAX endpoints of the installation wizard. This vulnerability allows unauthenticated attackers to execute arbitrary code ...
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $_GET['delete'] parameter without any sanitization, authorization check, or nonce verification...
ChurchCRM code injection vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database lea...
Malicious code in csm-installation-wizard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b5bdad9e0b6a88bc81e8ae16cc200d4c4ac3e021b0583309fbc4338574fc64b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR May-2024 Release 1, which originates from an authentication bypass vulnerability in the...
Security Bulletin: Flexera InstallShield has a security vulnerability that affects Content Manager Enterprise Edition Client for Windows (CVE-2016-2542)
Summary Flexera InstallShield has a security vulnerability that could be exploited in Content Manager Enterprise Edition V8.4.3 Client for Windows. The Content Manager Enterprise Edition V8.4.3 base and fixpack utilizes the Flexera InstallShield. Vulnerability Details CVEID: CVE-2016-2542...
Samsung SMR security vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in Samsung SMR that stems from the presence of an incorrect access control vulnerability. An attacker could exploit the vulnerability by installing...
CVE-2021-35231
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...
CVE-2021-35231
The CVE-2021-35231 entry concerns an unquoted service path vulnerability in the Kiwi Syslog Server Installation Wizard. A local attacker could escalate privileges by placing an executable in the affected service/uninstall entry path (example: Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services...
Solarwinds Kiwi Syslog Server code issue vulnerability
Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and SNMP traps from network devices (routers, switches, firewalls, etc.) and Linux®/Unix® hosts. A code issue vulnerability exists in the...
CVE-2021-35230
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry...
Design/Logic Flaw
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry...
CVE-2021-35230
The CVE-2021-35230 entry describes an unquoted service path vulnerability in the Kiwi CatTools Installation Wizard that could allow a local attacker to gain elevated privileges by placing an executable in the path of the affected service or uninstall entry. The vulnerability is local-privilege-es...
Kiwi CatTools Installation Wizard path traversal vulnerability
Solarwinds Kiwi CatTools is a network automation tool from the American company Solarwinds. It is used to manage configurations on network devices such as routers, switches, and firewalls. A security vulnerability exists in the Kiwi CatTools Installation Wizard, which can be exploited by an...
Virtuozzo Hybrid Infrastructure 4.5 (4.5.0-284)
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover compute services, networking, storage core, monitoring, and the administrative user interface. Additionally,...
WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE
Description The release notes state: "Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE." The attack consisted of creating a DoS condition on the MySQL database, which would make WordPress think that it has not been installed, presenting the installation wizard. The...