Exploit-POC
🛡️ Exploit-POC A curated collection of Proof-of-Concept Po...
CVE-2021-47947
CVE-2021-47947 affects Projectsend (r1295). A stored XSS exists in the files-edit.php name parameter: authenticated attackers can submit crafted input to inject JavaScript that executes in other users’ browsers, notably impacting System Administrator users on the Dashboard page. The issue is caus...
CVE-2021-47947 Projectsend r1295 Stored Cross-Site Scripting via files-edit.php
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...
uutils coreutils security vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from incorrect behavior when the real UID and the effective UID differ. This could lead to automated scripts or system administrators making...
EUVD-2026-12333
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege...
GO-2026-4460 Mattermost Server does not restrict SAML certificate path for System Administrators in github.com/mattermost/mattermost-server
Mattermost Server does not restrict SAML certificate path for System Administrators in github.com/mattermost/mattermost-server...
Virtuozzo Hybrid Infrastructure 7.2 (7.2.0-246)
In this release, Virtuozzo Hybrid Infrastructure introduces support for two-factor authentication (2FA) for system administrators and self-service users, along with several other new features and improvements. Additionally, this release delivers stability fixes and addresses issues found in previou...
GO-2025-4148 Mattermost Server is vulnerable to Directory Traversal by System Admins in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to Directory Traversal by System Admins in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...
GO-2025-4130 Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server
Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server...
Mattermost allows system administrators to access password hashes and MFA secrets
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...
EUVD-2018-11749
Malware in sbrugna...
EUVD-2024-41463
Malicious code in bioql PyPI...
EUVD-2022-24353
Malicious code in bioql PyPI...
EUVD-2025-10869
Malicious code in bioql PyPI...
EUVD-2023-12855
Malicious code in bioql PyPI...
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...
PT-2025-38504
Name of the Vulnerable Software and Affected Versions: Internet2 Grouper versions 5.17.1 through 5.20.4. Description: Group administrators who are not also Grouper system administrators can configure loader jobs. Recommendations: Update to a version prior to 5.17.1 or after 5.20.5...
CVE-2024-37349
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...
CVE-2023-0857
Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera...
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators...