Lucene search

89 matches found

CNNVD
added 2026/05/28 12:0 a.m., 5 views

ExAws.SNS Security Vulnerability

ExAws.SNS is an open-source AWS SNS message push service module developed by ex-aws. Versions of ExAws.SNS from 2.0.1 to 2.3.5 contained security vulnerabilities. These vulnerabilities were caused by improper certificate verification, which could lead to signature forgery...

8.7 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits 0, References 4

NVD
added 2026/05/04 9:16 p.m., 7 views

CVE-2026-42222

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available...

9.8 CVSS, 0.00054 EPSS
Exploits 1, References 1

Vulnrichment
added 2026/05/04 8:11 p.m., 3 views

CVE-2026-42222 nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available...

8.1 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits 1, References 1

CVE
added 2026/05/04 8:11 p.m., 4 views

CVE-2026-42222

CVE-2026-42222 (nginx-ui 2.3.5) describes an unauthenticated bootstrap takeover during the initial installation window exposed by POST /api/install. The issue allows a remote attacker to submit attacker-chosen bootstrap data and gain full unauthenticated administrative control on a fresh, uniniti...

9.8 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits 1, References 1, Affected Software 1

Positive Technologies
added 2026/04/27 12:0 a.m., 4 views

PT-2026-36922

Name of the Vulnerable Software and Affected Versions: Nginx UI version 2.3.5. Description: Nginx UI, a web user interface for the Nginx web server, contains a flaw allowing an unauthenticated bootstrap takeover. This occurs during the initial installation window via the 'POST /api/install' endpoint...

9.8 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits 1, References 10

Vulnrichment
added 2026/04/27 12:0 a.m., 1 view

CVE-2026-38936

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community = 2.3.5 in public/selectindices.php via the namecontains parameter...

4.8 AI score, 0.00011 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/04/27 12:0 a.m., 5 views

PT-2026-35457

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

6.1 CVSS, 4.8 AI score, 0.00011 EPSS
Exploits 0, References 4

ATTACKERKB
added 2026/04/27 12:0 a.m., 1 view

CVE-2026-38936

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community = 2.3.5 in public/selectindices.php via the namecontains parameter...

6.1 CVSS, 4.8 AI score, 0.00011 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/04/27 12:0 a.m., 1 view

PT-2026-35456

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings process.php...

8.8 CVSS, 5.3 AI score, 0.00024 EPSS
Exploits 0, References 4

NVD
added 2026/04/20 9:16 p.m., 0 views

CVE-2026-34403

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that authentication tokens...

8.1 CVSS, 0.00043 EPSS
Exploits 1, References 2

Cvelist
added 2026/04/20 8:16 p.m., 27 views

CVE-2026-34403 Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that authentication tokens...

6.9 CVSS, 0.00043 EPSS
Exploits 1, References 2

Cvelist
added 2026/03/24 6:46 p.m., 19 views

CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file...

8.6 CVSS, 0.00025 EPSS
Exploits 1, References 3

Packet Storm News
added 2026/02/02 12:0 a.m., 3 views

MyLittleForum 2.3.5 Cross Site Scripting

Multiple Reflected cross site scripting vulnerabilities exist in MyLittleForum version 2.3.5. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2 AI score
Exploits 0

Vulnrichment
added 2025/10/11 2:24 a.m., 6 views

CVE-2025-11380 Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everestprocessstatus' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for...

5.9 CVSS, 5 AI score, 0.0012 EPSS
Exploits 1, References 2

Cvelist
added 2025/10/11 2:24 a.m., 9 views

CVE-2025-11380 Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everestprocessstatus' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for...

5.9 CVSS, 0.0012 EPSS
Exploits 1, References 2

Patchstack
added 2025/10/10 11:12 p.m., 8 views

WordPress Everest Backup plugin <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by netranger in WordPress Plugin Everest Backup versions <= 2.3.5...

5.9 CVSS, 6.7 AI score, 0.0012 EPSS
Exploits 1, References 1, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-11505

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.00368 EPSS
Exploits 2, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-3506

Malware in sbrugna...

6.1 CVSS, 6.4 AI score, 0.00476 EPSS
Exploits 1, References 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-36539

Malicious code in bioql PyPI...

9.3 CVSS, 6.6 AI score, 0.00325 EPSS
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-49905

Malicious code in bioql PyPI...

9.1 CVSS, 9.1 AI score, 0.00003 EPSS
Exploits 0, References 1