57 matches found
CVE-2026-41587 CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...
Aranda Service Desk Security Vulnerability
Aranda Service Desk is an IT service management and helpdesk system provided by the American company Aranda. Versions of Aranda Service Desk prior to 8.3.12 contained security vulnerabilities. These vulnerabilities stemmed from the Aranda File Server component storing daily activity logs in a...
CVE-2026-3880
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...
EUVD-2026-18623
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...
CVE-2026-3880 Stored XSS Vulnerability
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...
CVE-2026-3880
ManageEngine Exchange Reporter Plus (Zohocorp) versions before 5802 are vulnerable to a Stored XSS flaw in the Public Folder Client Permissions report. The issue allows injected script via the affected report, with CVSSv3.1 metrics indicating a HIGH base score (7.3), remote attack vector, low att...
PT-2026-30027
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...
ZOHO ManageEngine Exchange Reporter Plus Security Vulnerability
ZOHO ManageEngine Exchange Reporter Plus is a web-based Microsoft Exchange reporting, auditing, and monitoring software developed by ZOHO Corporation. Previous versions of ZOHO ManageEngine Exchange Reporter Plus, including version 5802, contained security vulnerabilities. These vulnerabilities...
CVE-2025-15076
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks...
EUVD-2020-26439
Malware in sbrugna...
EUVD-2024-50737
Malicious code in bioql PyPI...
Description of the security update for Microsoft Exchange Server Subscription Edition RTM: August 12, 2025 (KB5063224)
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common...
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 (KB5063222)
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 (KB5063221)
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...
Description of the security update for Microsoft Exchange Server 2016: August 12, 2025 (KB5063223)
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...
CVE-2020-5195
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folderup.png IMG element not properly sanitizing user-inserted directory...
CVE-2024-12274
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...