17 matches found
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
EUVD-2026-14960
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
PT-2026-27478
Name of the Vulnerable Software and Affected Versions: Pharos Controls Mosaic Show Controller version 2.15.3 Description: A missing authentication check for a critical function allows an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. This...
Tautulli Operating System Command Injection Vulnerability
Tautulli is an open source application for monitoring Plex Media Server. An operating system command injection vulnerability exists in Tautulli 2.15.3 and earlier versions, which could lead to remote code execution...
CVE-2025-24650
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3...
CVE-2025-24650 WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3...
WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by l8BL in WordPress Plugin Tourfic versions <= 2.15.3...
WordPress plugin Tourfic SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
Fedora 37 : php-twig2 (2022-73b9fb7a77)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-73b9fb7a77 advisory. Version 2.15.3 (2022-09-28): Fix a security issue on filesystem loader (possibility to load a template outside a configured directory). Tenable has extracted the...
PT-2022-24853 · Twig +4 · Twig +4
Name of the Vulnerable Software and Affected Versions: Twig versions 1.x prior to 1.44.7; Twig versions 2.x prior to 2.15.3; Twig versions 3.x prior to 3.4.3. Description: The issue arises when the filesystem loader loads templates for which the name is a user input. It is possible to use the source...
CVE-2022-29048
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-29048
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL...
PT-2022-19386 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier. Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the Jenkins Subversion Plugin does not escape the name and description of List Subversion tags...
JVN#60978548: WordPress plugin "Site Reviews" vulnerable to cross-site scripting
The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on a logged in user's web browser. Solution: Update the plugin. Update the plugin according to the information provided by the develope...
WordPress Site Reviews Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on servers with PHP and MySQL. Site Reviews is one of its site review plugins. A cross-site scripting vulnerability exists in WordPress Site...