24 matches found
EUVD-2021-27564
Malicious code in bioql PyPI...
CVE-2019-13236
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface...
CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...
CVE-2025-22472
Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...
CVE-2024-49558
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2024-48837
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...
CrushFTP Security Vulnerability
CrushFTP is a file transfer server. A security vulnerability exists in CrushFTP versions v.10.6.0 and v.10.5.5, which stems from a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload...
[R2] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities
Arnie Cabral, Thu, 09/21/2023 - 10:55. A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. - CVE-2023-3251 An arbitrary fil...
Tenable Nessus Multiple Vulnerabilities (TNS-2023-29, TNS-2023-31)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...
WordPress RSVPMarker Plugin < 10.5.5 is vulnerable to SQL Injection
Software RSVPMarker Type Plugin Vulnerable versions 10.5.5 Fixed in 10.5.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-29095 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4d11f7569f33 Credits Rafi Priatna Kasbiantoro Required privilege...
CVE-2021-40386
Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code...
Kaseya Unitrends Client/Agent Security Vulnerability
Kaseya Unitrends Client/Agent is a cloud-based enterprise backup and disaster recovery technology from Kaseya Corporation, USA. A security vulnerability exists in Kaseya Unitrends Client/Agent version 10.5.5 and prior versions. An attacker can exploit this vulnerability to execute arbitrary code...
Unitrends Backup Formatting String Error Vulnerability
Unitrends Backup is designed to eliminate data loss, ransomware and risk. A format string error vulnerability exists in versions of Unitrends Backup prior to 10.5.5, which stems from the creation of an HTTP request that could trigger a format string vulnerability in a privileged vaultServer...
Unitrends Backup Remote Code Execution Vulnerability (CNVD-2021-95939)
Unitrends Backup is designed to eliminate data loss, ransomware and risk. A remote code execution vulnerability exists in versions of Unitrends Backup prior to 10.5.5, which can be exploited by an attacker to execute arbitrary code as root...
PT-2021-23728 · Kaseya · Kaseya Unitrends Backup Appliance
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Samba file sharing service, allowing anonymous read/write access. Recommendations: For versions prior to 10.5.5, update to version 10.5.5 o...
PT-2021-23732 · Kaseya +1 · Kaseya Unitrends Backup Appliance +1
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the software where the apache user could read arbitrary files, such as /etc/shadow, by abusing an insecure Sudo rule. Recommendations: For...
PT-2021-23724 · Kaseya · Kaseya Unitrends Backup Appliance
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the software, involving two unauthenticated SQL injection vulnerabilities. These vulnerabilities allow arbitrary SQL queries to be injected and...
PT-2021-23733 · Kaseya · Kaseya Unitrends Backup Appliance
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the SNMP daemon, which was configured with a weak default community. Recommendations: For versions prior to 10.5.5, update to version 10.5.5 or...
PT-2021-23725 · Kaseya +1 · Kaseya Unitrends Backup Appliance +1
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance where the password for the PostgreSQL wguest account is weak. Recommendations: For versions prior to...
PT-2021-23723 · Kaseya · Kaseya Unitrends Backup Appliance
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance, where a world writable file allowed local users to execute arbitrary code as the user apache, leading to...