
837 matches found

RedhatCVE
added 2025/06/12 8:19 a.m. · 3 views

CVE-2025-5742

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server...

CVSS 5.4 · AI score 5.4 · EPSS 0.00215
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/11 12:0 a.m. · 2 views

PT-2025-25229 · Unknown · Virtuemart

Name of the Vulnerable Software and Affected Versions: VirtueMart (affected versions not specified). Description: An issue exists in the Product Image section of the VirtueMart backend, where authenticated attackers can upload files with arbitrary extensions. This could potentially lead to remote co...

CVSS 7.2 · AI score 7.1 · EPSS 0.0069
Exploits: 0 · References: 5

Github Security Blog
added 2025/06/06 9:27 p.m. · 16 views

CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

Summary: A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticate...

CVSS 7.5 · AI score 7.8 · EPSS 0.01132
Exploits: 0 · References: 7 · Affected Software: 1

Vulnrichment
added 2025/06/04 8:1 a.m. · 8 views

CVE-2024-13967 Session-Management Failure

This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8...

CVSS 9.4 · AI score 7.2 · EPSS 0.00437
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/30 4:47 p.m. · 18 views

CVE-2024-47056

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 · AI score 6.7 · EPSS 0.00103
Exploits: 0 · References: 1

OSV
added 2025/05/28 5:38 p.m. · 3 views

GHSA-H2WG-V8WG-JHXH Mautic does not shield .env files from web traffic

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 · AI score 6.9 · EPSS 0.00103
Exploits: 0 · References: 3

OSV
added 2025/05/28 5:15 p.m. · 5 views

CVE-2024-47056

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 · AI score 5.8 · EPSS 0.00103
Exploits: 0 · References: 1

NVD
added 2025/05/28 5:15 p.m. · 16 views

CVE-2024-47056

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 · EPSS 0.00103
Exploits: 0 · References: 1

Snyk
added 2025/05/28 4:41 p.m. · 3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to improper server configuration that fails to restrict access to sensitive files. An attacker can view sensitive configuration data, including database...

CVSS 6.3 · AI score 6.8 · EPSS 0.00103
Exploits: 0 · References: 4

CVE
added 2025/05/28 4:24 p.m. · 63 views

CVE-2024-47056

Mautic is affected by CVE-2024-47056, where the .env configuration file can be accessed directly via a web browser due to improper server access controls. This exposure can lead to disclosure of sensitive information, including database credentials, API keys, and other critical configurations. Im...

CVSS 5.1 · AI score 5.2 · EPSS 0.00103
Exploits: 0 · References: 1

Cvelist
added 2025/05/28 4:24 p.m. · 37 views

CVE-2024-47056 Mautic does not shield .env files from web traffic

Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

CVSS 5.1 · EPSS 0.00103
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/28 12:0 a.m. · 4 views

PT-2025-23098 · Apache +2 · Apache +2

Name of the Vulnerable Software and Affected Versions: Mautic (affected versions not specified). Description: The issue concerns the potential exposure of sensitive information, including database credentials, API keys, and other critical system configurations, due to the direct accessibility of .en...

CVSS 5.1 · AI score 6.2 · EPSS 0.00103
Exploits: 0 · References: 10

RedhatCVE
added 2025/05/23 8:20 a.m. · 3 views

CVE-2024-10486

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to a publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

CVSS 5.3 · AI score 5.6 · EPSS 0.00887
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:39 a.m. · 3 views

CVE-2024-31415

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encrypti...

CVSS 8.1 · AI score 7 · EPSS 0.00121
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:28 a.m. · 10 views

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

CVSS 9.1 · AI score 7.7 · EPSS 0.95067
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 7:20 a.m. · 3 views

CVE-2024-44820

A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/Ebak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo function, which exposes detailed information about the PHP...

CVSS 7.5 · AI score 6.1 · EPSS 0.00353
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 6:37 a.m. · 4 views

CVE-2024-37382

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration...

CVSS 7.2 · AI score 7.5 · EPSS 0.00436
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 6:27 a.m. · 7 views

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

CVSS 7.5 · AI score 6.7 · EPSS 0.00352
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:12 a.m. · 15 views

CVE-2023-23781

A stack-based buffer overflow vulnerability (CWE-121) in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files...

CVSS 8.8 · AI score 7.9 · EPSS 0.007
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:57 a.m. · 5 views

CVE-2023-34997

Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 · AI score 7.1 · EPSS 0.00177
Exploits: 0