229821 matches found
ROOT-APP-NPM-CVE-2022-0144 CVE-2022-0144 in @rootio/shelljs - Patched by Root
Root has patched CVE-2022-0144 in the @rootio/shelljs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42035 CVE-2026-42035 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42035 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...
WordPress Download Manager <2.9.94 - Cross-Site Scripting
WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter. id: CVE-2019-15889 info: name: WordPress Download Manager 2.9.94 - Cross-Site Scripting author: daffainf...
Eaton Intelligent Power Manager 1.6 - Directory Traversal
Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...
Sitecore - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/loginprocess 'username' parameter via GET, whereby no authentication is required. id: CVE-2022-28363 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: Akincibor severity: medi...
WSO2 - Cross-Site Scripting
WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0,...
Oracle Access Manager - Remote Code Execution
The Oracle Access Manager portion of Oracle Fusion Middleware component: OpenSSO Agent is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with...
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...
Cuppa CMS v1.0 - Arbitrary File Upload
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. id: CVE-2022-38296 info: name: Cuppa CMS v1.0 - Arbitrary File Upload author: theamanrawat severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload...
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still...
WordPress Visitor Statistics <=5.7 - SQL Injection
WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33965 info:...
Kae's File Manager <=1.4.7 - Cross-Site Scripting
Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
Adobe Experience Manager - XML External Entity Injection
Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. id: CVE-2021-21881 info: name:...
Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. id: CVE-2020-27361 info: name: Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure author: gy741 severity: high description: Akkadian Provisioning Manager 4.50.0...