119 matches found
CVE-2026-56256
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
SourceCodester Pet Grooming Management Software Authorization Issues Vulnerabilities
SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software has a licensing issue vulnerability. This vulnerability stems from incorrect handling of the groupid paramet...
CVE-2025-13444
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
CVE-2025-13447
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
CVE-2025-13444
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
EUVD-2026-2346
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
CVE-2025-13447 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
CVE-2025-13447
CVE-2025-13447 corresponds to a remote code execution via OS Command Injection in Progress LoadMaster API. The connected ZDI advisories detail multiple command-injection flaws (delapikey, delcert, listapikeys, addapikey, getcipherset) that allow authenticated network-adjacent attackers to execute...
CVE-2025-13444 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
EUVD-2026-2343
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
CVE-2025-13444
The CVE-2025-13444 family concerns OS Command Injection / Remote Code Execution in Progress Software Kemp LoadMaster. Connected ZDI advisories detail multiple command-injection flaws in LoadMaster commands (delapikey, getcipherset, listapikeys, delcert, addapikey) where unsanitized user data is p...
PT-2026-2443
Name of the Vulnerable Software and Affected Versions Progress LoadMaster affected versions not specified Description An authenticated attacker with “User Administration” permissions can execute arbitrary commands on the LoadMaster appliance. This is due to unsanitized input in the API input...
PT-2026-2442
Name of the Vulnerable Software and Affected Versions Progress LoadMaster affected versions not specified Description An authenticated attacker with “User Administration” permissions can execute arbitrary commands on the LoadMaster appliance. This is due to unsanitized input in the API input...
CVE-2019-16268
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen...
EUVD-2019-6497
Malware in sbrugna...
EUVD-2021-19477
Malware in sbrugna...
EUVD-2012-1751
Malware in sbrugna...
EUVD-2014-3726
Malware in sbrugna...
EUVD-2011-2299
Malware in sbrugna...
EUVD-2020-4002
Malware in sbrugna...