10 matches found
EUVD-2026-28161
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...
HCL BigFix Service Management 信息泄露漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to information leakage. This vulnerability stems from the existence of directories that are not linked or are...
EUVD-2025-208831
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
CVE-2025-55043
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
CVE-2025-55043
MuraCMS up to version 10.1.10 contains a CSRF flaw in the bundle creation flow (csettings.cfc createBundle) that allows unauthenticated attackers to force admins to create and save site bundles containing sensitive data into publicly accessible directories. This can enable complete data exfiltrat...
CVE-2025-55043
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
PT-2026-26081
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
Hackers Take Aim at SSH Keys in New Wave of Attacks
SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SS...
eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files
Title: eyeOS alert"XSS done"; - Risks and consequences: Malicious users can inject code inside image files malware, browser exploits, etc... to attack other users and compromise the whole system via shared files or internal messages. - Mitigations: Disallow public dirs. Avoid work with images. -...
ISC inn creates temporary files insecurely
Overview inn, a network news agent, may be configured on some operating systems to use a publically-writeable directory for its temporary files. This may be exploited to gain access to the news account. Description inn is distributed on a variety of Linux platforms. The program is written under t...