6 matches found
CVE-2025-59154 Openfire allows potential identity spoofing via unsafe CN parsing
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1 data, the code calls...
Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability
Drupal Enterprise MFA - TFA for Drupal module 4.7.0, 5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara (cmlara) in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0, 5.0.0-5.1.0...
PT-2023-18808 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under "/front/person/profile.html". Recommendations: For...
Exploit for CVE-2022-37210
CVE-2022-37210 CVE-2022-37210 POC Suggested description...
CVE-2022-29648
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...
CVE-2016-8314
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise...