CVE-2025-52667
Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user...
CVE-2025-52667
CVE-2025-52667 affects Revive Adserver: missing JSON Content-Type header validation in a script leads to a stored XSS vulnerability for a logged-in manager user, affecting Revive Adserver 6.0.1, 5.5.2 and earlier. Connected sources (Red Hat, CNVD, NVD, OSV, HackerOne report) confirm XSS risk link...
EUVD-2019-9501
Malware in sbrugna...
EUVD-2022-35730
Malicious code in bioql PyPI...
PT-2025-38748
Name of the Vulnerable Software and Affected Versions: 2wcom IP-4c version 2.16 Description: The web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. The affected functionality is accessible through the web interface. Th...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...
CVE-2025-40732
User enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php...
CVE-2025-38004
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates. The CAN broadcast manager (CAN_BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed, or reduced, at runtime where the...
CVE-2022-31085
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2025-26485
A vulnerability in Beta80 Life 1st returns different error messages for failed authentication attempts depending on whether a wrong password or a non-existent user was supplied. The difference in the returned error messages could be used by attackers to understand whether a certain user is...
CVE-2020-26830
SAP Solution Manager (User Experience Monitoring), version 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. Thes...
Privilege escalation
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as a manager user, which can lead to arbitrary code execution...
PT-2023-3045 · Advantech · Advantech Webaccess/Scada
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA versions 9.1.3 and prior Description: The issue is related to an arbitrary file upload vulnerability. This could allow an attacker to upload an ASP script file to a webserver when logged in as a manager user, leading ...
Unspecified vulnerability in elFinder
elFinder is an open source AJAX file manager for the Drupal-based platform. The product provides multiple file uploads, image scaling and other features. A security vulnerability exists in elFinder.Net.Core that stems from user-controlled filenames not being properly sanitized before being us...
DEBIAN-CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...
CVE-2012-4731
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors...
Asterisk Manager User Unauthorized Shell Access (AST-2012-004)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow an authenticated, remote attacker to run arbitrary commands with the credentials of the Asterisk server. (C) Tenable Network...
Fedora 15 : asterisk-1.8.3.3-1.fc15 (2011-5835)
The Asterisk Development Team has announced security releases for Asterisk branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3. These releases are available for immediate download at...