13 matches found
CVE-2026-1927
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...
Progress Flowmon ADS SQL Injection Vulnerability
Progress Flowmon ADS is a network traffic analysis and anomaly detection system from Progress, Inc. A SQL injection vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and prior to 13.0.1, which stems from an SQL injection that could lead to the execution of unexpected SQL queri...
CVE-2025-66415 fastify-reply-from bypass of reply forwarding
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...
PT-2025-48579
Name of the Vulnerable Software and Affected Versions: fastify-reply-from versions prior to 12.5.0 Description: fastify-reply-from is a Fastify plugin used to forward HTTP requests to another server. Versions of the plugin prior to 12.5.0 contain a flaw where a malicious URL can be crafted to allow...
PT-2025-41379
Name of the Vulnerable Software and Affected Versions: Progress Flowmon versions prior to 12.5.5 Description: A flaw exists in the Progress Flowmon web application that allows an attacker to manipulate authenticated users through malicious links. Clicking a crafted link can trigger unintended actio...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the downloadFile function in the ModuleController.php file, which fails to validate the query parameter file. An authenticated attacker with access to the backend module can access...
CVE-2024-22106
Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS)...
CVE-2022-32798
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges...
CVE-2021-44514
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories...
vmware_escape
This is an exploit module for VMware Workstation prior to version 12.5.5. The exploit targets a vulnerability in the way VMware handles certain types of memory access, allowing an attacker to execute arbitrary code on the host system. The exploit is designed to be used by an attacker who has gain...
CVE-2019-1685
A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to...
Aryanic HighPortal Cross-Site Scripting Vulnerability
Aryanic HighPortal is an enterprise portal system based on Java and ASP.NET. A cross-site scripting vulnerability exists in Aryanic HighPortal version 12.5. A remote attacker can exploit this vulnerability by adding tags to inject arbitrary web script or HTML...
PT-2005-2203 · X Ways · Winhex
Name of the Vulnerable Software and Affected Versions: WinHex version 12.05 SR-14 Description: A heap-based buffer overflow may occur due to a long file name argument, potentially allowing attackers to execute arbitrary code. However, since this issue is in the command line of an unprivileged...