Lucene search

12 matches found

OSV
added 2026/01/20 10:15 p.m. · 6 views

CVE-2026-21931

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 5.4 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-23566

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.01079
Exploits: 1 · References: 2

Positive Technologies
added 2024/07/20 12:0 a.m. · 2 views

PT-2024-28816 · Hyland · Hyland Alfresco Platform

Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Platform version 23.2.1-r96
Description: A reflected cross-site scripting (XSS) issue allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload into the htmlid parameter...

CVSS 6.1 · AI score 6.5 · EPSS 0.0038
Exploits: 1 · References: 5

NVD
added 2023/09/05 9:15 p.m. · 12 views

CVE-2023-4310

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute...

CVSS 9.8 · AI score 9.7 · EPSS 0.01407
Exploits: 0 · References: 2

Positive Technologies
added 2023/09/05 12:0 a.m. · 4 views

PT-2023-28697 · Beyondtrust · Beyondtrust Remote Support +1

Name of the Vulnerable Software and Affected Versions: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 through 23.2.2
Description: The issue is a command injection vulnerability that can be exploited through a malicious HTTP request, allowing an unauthenticated remo...

CVSS 9.8 · AI score 9.8 · EPSS 0.01407
Exploits: 0 · References: 6

CNNVD
added 2023/09/05 12:0 a.m. · 6 views

BeyondTrust Privileged Remote Access and Remote Support Command Injection Vulnerability

BeyondTrust Remote Support and BeyondTrust Privileged Remote Access (BeyondTrust PRA) are both products of BeyondTrust, Inc. BeyondTrust Remote Support is a remote desktop access, helpdesk and collaborati...

CVSS 9.8 · AI score 7.8 · EPSS 0.01407
Exploits: 0 · References: 3

OSV
added 2023/03/21 5:15 p.m. · 1 views

CVE-2023-1305

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

CVSS 8.1 · AI score 7.3
Exploits: 0 · References: 2

OSV
added 2023/03/21 5:15 p.m. · 3 views

CVE-2023-1304

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

CVSS 8.8 · AI score 7.3 · EPSS 0.01079
Exploits: 1 · References: 2

NVD
added 2023/03/21 5:15 p.m. · 13 views

CVE-2023-1306

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

CVSS 8.8 · AI score 8.7 · EPSS 0.01208
Exploits: 1 · References: 2

Prion
added 2023/03/21 5:15 p.m. · 13 views

Design/Logic Flaw

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

CVSS 6.5 · AI score 8.6 · EPSS 0.01208
Exploits: 1 · References: 2 · Affected Software: 2

Cvelist
added 2023/03/21 4:53 p.m. · 19 views

CVE-2023-1306 Rapid7 InsightCloudSec resource.db() method access

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

AI score 8.8 · EPSS 0.01208
Exploits: 1 · References: 2

Positive Technologies
added 2023/03/21 12:0 a.m. · 2 views

PT-2023-16876 · Unknown · Insightcloudsec

Name of the Vulnerable Software and Affected Versions: InsightCloudSec versions prior to 23.2.1
Description: An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. Thi...

CVSS 8.8 · AI score 7.1 · EPSS 0.01079
Exploits: 1 · References: 6