23 matches found
CVE-2025-12811
Improper Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 agent 6.0.1 or later. If you cannot upgrade to...
PT-2026-20542
Improper Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 agent 6.0.1 or later. If you cannot upgrade to...
EUVD-2023-60207
UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...
UliCMS 跨站脚本漏洞
UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A cross-site scripting vulnerability exists in UliCMS version 2023.1, which stems from the fact that an attacker can upload a malicious SVG file with embedded...
UliCMS 安全漏洞
UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A security vulnerability exists in UliCMS version 2023.1, which stems from an improper bulk assignment in UserController that could lead to authentication bypa...
CVE-2025-35062
Newforma Info Exchange NIX before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...
CVE-2025-35062
Newforma Info Exchange NIX before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...
CVE-2025-35062
Newforma Info Exchange (NIX) before version 2023.1 allows anonymous authentication by default, enabling an unauthenticated attacker to exploit additional vulnerabilities that require authentication. Related sources describe bypass and file-read/upload issues tied to authenticated access and the p...
PT-2025-41478
Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX versions prior to 2023.1 Description Newforma Info Exchange NIX versions prior to 2023.1, by default, permit anonymous authentication. This allows an unauthenticated attacker to exploit further issues that typically...
CVE-2023-35860
A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php...
PT-2024-12517 · Modern Campus · Modern Campus - Omni Cms
Name of the Vulnerable Software and Affected Versions: Modern Campus - Omni CMS version 2023.1 Description: A Directory Traversal issue allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to "listing.php" or "rss.php" API endpoints. Recommendations...
Modern Campus Omni CMS Security Vulnerability
Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from a Reflected Cross-Site Scripting XSS vulnerability in the...
PT-2024-12515 · Modern Campus · Omni Cms
Name of the Vulnerable Software and Affected Versions: Modern Campus - Omni CMS version 2023.1 Description: The issue allows a remote, unauthenticated attacker to obtain application information through XPath Injection vulnerabilities in the blog and RSS functions. Recommendations: For Modern Camp...
Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...
Progress Software WhatsUp Gold Access Control Error Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...
Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...
Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...
Progress Software WhatsUp Gold Access Control Error Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...
Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...
CVE-2023-24592
Path traversal in the some IntelR oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access...