14 matches found
CVE-2025-14610
CVE-2025-14610 : The WordPress plugin TableMaster for Elementor (versions up to and including 1.3.6) is vulnerable to authenticated SSRF via the csv_url parameter in the Data Table widget. An attacker with Author-level access or higher can trigger web requests to arbitrary locations (including lo...
PT-2026-2346
Warning: Multiple High Severity Vulnerabilities in React-Router. CVE-2025-61686, CVE-2026-22029, CVE-2026-59057 & others. Attackers can read sensitive files or hijack sessions! Patch Patch Patch More info: https://t.co/jRGNAD4XZZ...
EUVD-2019-2261
Malware in sbrugna...
EUVD-2024-46425
Malicious code in bioql PyPI...
CVE-2024-5178
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...
CVE-2020-35580
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBl...
VulnCheck KEV: CVE-2024-5178
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability...
CVE-2024-5178
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...
CVE-2024-5178 Incomplete Input Validation in SecurelyAccess API
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...
CVE-2024-5178 Incomplete Input Validation in SecurelyAccess API
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...
OpenRefine JDBC Attack Vulnerability
Summary: A JDBC attack vulnerability exists in OpenRefine version=3.7.7. Details: Vulnerability Recurrence: Start by constructing a malicious MySQL Server using the open source project MySQLFakeServer here. Then go to the JDBC connection trigger vulnerability. Vulnerability Analysis: This vulnerability ...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
Cisco Adaptive Security Appliance Software and Firepower Threa...
Cisco NX-OS Software Sensitive File Read Information Disclosure Vulnerability (cisco-sa-20190515-nxos-fxos-info)
According to its self-reported version, Cisco Nexus Operating System NX-OS is affected by the following vulnerability - A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive...
Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities
Following the PoC, you can combine the vulnerabilities to obtain PHP code execution and read sensitive files. By default the File Manager can only be used by Administrator users; however, any user role can be configured to use it. PoC Directory Traversal: POST /wordpress/wp-admin/admin-ajax.php...