Navigate CMS 2.9.4 - Server-Side Request Forgery
Navigate CMS 2.9.4 is susceptible to server-side request forgery via the feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...
CVE-2021-22772
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...
WordPress plugin Hide Category by User Role for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...
IBM App Connect Enterprise Security Vulnerability
IBM App Connect Enterprise is an operating system from International Business Machines IBM. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing...
EUVD-2020-11784
Malware in sbrugna...
EUVD-2025-18369
Malicious code in bioql PyPI...
EUVD-2021-9907
Malicious code in bioql PyPI...
Maka GPS Marbella KR8s Security Vulnerability
Maka GPS Marbella KR8s is a car recorder from Maka GPS Singapore. A security vulnerability exists in Maka GPS Marbella KR8s version 2.0.8, which originates from an unauthorized operation on port 7777...
CVE-2025-6172
Permission vulnerability in the mobile application com.afmobi.boomplayer may lead to the risk of unauthorized operation...
CVE-2025-6172
CVE-2025-6172 affects the mobile app com.afmobi.boomplayer (TECNO/Transfon). The connected sources indicate a permission vulnerability that may allow unauthorized operations with a high impact (CVSS v3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Root cause details are limited to general “permis...
Controller Code Upload Detected (Medium)
An upload of the controller code has been detected over the network. When not part of regular operations, a code upload can be used to gather information about the controller behavior as part of reconnaissance activity. This plugin only works with Tenable.ot. Please visit...
Controller Code Upload Detected (Critical)
An upload of the controller code has been detected over the network. When not part of regular operations, a code upload can be used to gather information about the controller behavior as part of reconnaissance activity. This plugin only works with Tenable.ot. Please visit...
Fortinet FortiNDR Cross-Site Request Forgery Vulnerability
Fortinet FortiNDR is a network detection and response solution from Fortinet, Inc. A cross-site request forgery vulnerability exists in Fortinet FortiNDR, which stems from a cross-site request forgery that could lead to the execution of an unauthorized operation. The following versions are...
Kashipara Hotel Management System Access Control Error Vulnerability
Kashipara Hotel Management System is a hotel management system from Kashipara. An access control error vulnerability exists in Kashipara Hotel Management System v1.0 that can be exploited by an attacker to cause unauthorized operation...
Kashipara Bus Ticket Reservation System Access Control Error Vulnerability
Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. An access control error vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which can be exploited by attackers to cause unauthorized operation...
Service Provider Management System Authorization Issues Vulnerability
Service Provider Management System is a web-based application by Carlo Montero, an individual developer. It is designed to provide dynamic websites for service provider companies. An authorization issue vulnerability exists in Service Provider Management System version 1.0, which can be exploited...
Design/Logic Flaw
ZGR TPS200 NG, in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located to operate and change several parameters without having to be registered as a user...
WordPress Social Share Buttons Access Control Error Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress Social Share Buttons 2.2.3 and prior versions, which stems from an improper access contr...
Privilege escalation
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation ...