254 matches found
nginx:1.24 security update
An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...
Apache 2.4.x < 2.4.65
The version of Apache httpd installed on the remote host is prior to 2.4.65. It is, therefore, affected by a vulnerability as referenced in the 2.4.65 advisory. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to...
CVE-2025-53260
Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...
CVE-2025-44163
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
TencentOS Server 4: pcs (TSSA-2024:0533)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0533 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-0923
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...
CVE-2025-30183
CyberData 011209 Intercom does not properly store or protect web server admin credentials...
CVE-2025-0923 IBM Cognos Analytics information disclosure
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...
CVE-2025-30183
CyberData 011209 Intercom does not properly store or protect web server admin credentials...
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
Summary An authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as...
CVE-2019-6852
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
CVE-2002-2014
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks...
CVE-1999-0173
FormMail CGI program can be used by web servers other than the host server that the program resides on...
CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...
PT-2025-22415 · Automationdirect · Mb-Gateway
Name of the Vulnerable Software and Affected Versions: AutomationDirect MB-Gateway affected versions not specified Description: The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, ...
CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-2865
CVE-2025-2865 affects Arteche/saTECH BCU firmware 2.1.3. The issue is a reflected/stored cross-site scripting (XSS) vulnerability in the web server that could cause malicious resources to be stored and interpreted by victims when visiting the affected site. Multiple sources corroborate firmware 2...
CVE-2025-28220
Tenda W6S v1.0.0.4510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request...
CVE-2024-54448
CVE-2024-54448 concerns the LogicalDOC Automation Scripting feature, which an attacker with admin privileges or granted access can abuse to execute arbitrary commands on the web server hosting LogicalDOC. The vulnerability enables remote code execution on the underlying operating system via the A...
CVE-2024-52384
Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generatio...