CVE-2025-12998 Broken Authentication in extension “Modules” (modules)

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

PT-2025-46649

Name of the Vulnerable Software and Affected Versions TYPO3 Extension "Modules" versions prior to 4.3.11 TYPO3 Extension "Modules" versions 5.0.0 through 5.7.3 TYPO3 Extension "Modules" versions 6.0.0 through 6.4.1 TYPO3 Extension "Modules" versions 7.0.0 through 7.5.4 Description An improper...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI CCM versions prior to 3.0.7 and Nagios XI version 5.7.4, which...

EUVD-2020-10085

Malware in sbrugna...

EUVD-2019-0693

Malware in sbrugna...

CVE-2020-18475

Cross Site Scripting XSS vulnerabilty exists in Hucart CMS 5.7.4 is via the mestitle field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed...

CVE-2020-18158

Cross Site Scripting XSS vulnerability in HuCart 5.7.4 via nickname in index.php...

CVE-2020-18476

SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usdimage field...

WordPress Premium Packages Plugin <= 5.7.4 is vulnerable to Privilege Escalation

Software Premium Packages Type Plugin Vulnerable versions = 5.7.4 Fixed in 5.7.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4293 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fc8d08d3355c Credits Lana...

CVE-2023-4293

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmppupdateprofile' function. This makes it possible for authenticated attackers, with minimal...

PT-2023-6137 · WordPress · The Premium Packages – Sell Digital Products Securely

Name of the Vulnerable Software and Affected Versions: Premium Packages - Sell Digital Products Securely plugin for WordPress versions up to, and including, 5.7.4 Description: The issue is related to insufficient restriction on the wpdmpp update profile function, allowing authenticated attackers...

CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection to perform blind SQL injection...

PT-2021-19548 · Mcafee · Mcafee Agent For Windows

Name of the Vulnerable Software and Affected Versions: McAfee Agent for Windows versions prior to 5.7.4 Description: The issue is related to improper access control in the repair process, allowing a local attacker to perform a DLL preloading attack using unsigned DLLs. This results in elevation o...

HuCartCMS SQL Injection Vulnerability (CNVD-2021-68440)

HuCart HuCart is an open source enterprise website building system. HuCartCMS version 5.7.4 has a SQL injection vulnerability in the header usdimage field. An attacker can use this vulnerability to launch SQL injection attacks...

CVE-2020-18476

SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usdimage field...

CVE-2020-18477

SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message concontent field...

Concrete5 5.7.4 SQL Injection

----------------------------------------------------------- Concrete5 0 173. foreach $filterEntities as $ent 174. $filters = $ent-getAccessEntityID; 175. 176. $peIDs .= 'and peID in ' . implode$filters, ',' . ''; 177. 178. if $accessType == 0 179. $accessType = ''; 180. else 181. $accessType = '...