
39 matches found

NVD
added 2026/02/19 4:27 p.m. · 5 views

CVE-2026-25739

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...

CVSS 5.4 · EPSS 0.00059
Exploits: 0 · References: 2
OSV
added 2026/02/19 3:39 p.m. · 3 views

CVE-2026-25739 Indico affected by Cross-Site-Scripting via material uploads

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00059
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-24564

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 6.9 · EPSS 0.00026
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-2861

Malicious code in bioql PyPI...

CVSS 6.6 · AI score 6.6 · EPSS 0.00148
Exploits: 0 · References: 3
RedhatCVE
added 2025/08/15 1:11 p.m. · 2 views

CVE-2025-8907

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

CVSS 7.3 · AI score 7.3 · EPSS 0.00026
Exploits: 0 · References: 1
NVD
added 2025/08/13 1:15 p.m. · 2 views

CVE-2025-8907

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

CVSS 7.3 · EPSS 0.00026
Exploits: 0 · References: 4
CVE
added 2025/08/13 1:2 p.m. · 12 views

CVE-2025-8907

The CVE-2025-8907 entry concerns H3C M2 NAS V100R006, where the Webserver Configuration component is implicated. The vulnerability is described as allowing execution with unnecessary privileges via local manipulation, with attack complexity rated high and requiring local access. Vendor notes indi...

CVSS 7.3 · AI score 7.3 · EPSS 0.00026
Exploits: 0 · References: 4
Cvelist
added 2025/08/13 1:2 p.m. · 6 views

CVE-2025-8907 H3C M2 NAS Webserver Configuration unnecessary privileges

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

CVSS 7.3 · EPSS 0.00026
Exploits: 0 · References: 4
CNNVD
added 2025/08/13 12:0 a.m. · 1 views

H3C M2 NAS security vulnerability

H3C M2 NAS is a home private cloud disk from China's Xinhua San H3C. A security vulnerability exists in H3C M2 NAS version V100R006, which originates in the Webserver Configuration component that could lead to unwanted privilege execution...

CVSS 7.3 · AI score 7 · EPSS 0.00026
Exploits: 0 · References: 4
Positive Technologies
added 2025/08/13 12:0 a.m. · 2 views

PT-2025-32986 · H3C · H3C M2 Nas

Name of the Vulnerable Software and Affected Versions: H3C M2 NAS version V100R006 Description: A vulnerability exists in the Webserver Configuration component of H3C M2 NAS version V100R006. The vulnerability allows for execution with unnecessary privileges through manipulation. An attack must b...

CVSS 7.3 · AI score 6.9 · EPSS 0.00026
Exploits: 0 · References: 8
RedhatCVE
added 2025/07/05 12:4 p.m. · 5 views

CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of some modules poses a risk to the webserver which enable...

CVSS 5.3 · AI score 6.4 · EPSS 0.00394
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:29 p.m. · 3 views

CVE-2020-28946

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

CVSS 7.5 · AI score 7.1 · EPSS 0.0031
Exploits: 1
RedhatCVE
added 2025/05/22 9:17 a.m. · 3 views

CVE-2019-8232

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

CVSS 6.6 · AI score 7.5 · EPSS 0.00148
Exploits: 0 · References: 1
NVD
added 2024/11/18 10:15 p.m. · 19 views

CVE-2024-10486

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to a publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

CVSS 5.3 · EPSS 0.05356
Exploits: 0 · References: 2
Vulnrichment
added 2024/11/18 9:31 p.m. · 11 views

CVE-2024-10486 Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to a publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

CVSS 5.3 · AI score 6.5 · EPSS 0.05356
Exploits: 0 · References: 2
CVE
added 2024/11/18 9:31 p.m. · 88 views

CVE-2024-10486

The CVE-2024-10486 issue affects the Google for WooCommerce WordPress plugin (versions

CVSS 5.3 · AI score 4.9 · EPSS 0.05356
Exploits: 0 · References: 2
Cvelist
added 2024/11/18 9:31 p.m. · 16 views

CVE-2024-10486 Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to a publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

CVSS 5.3 · EPSS 0.05356
Exploits: 0 · References: 2
Positive Technologies
added 2024/07/02 12:0 a.m. · 1 views

PT-2024-13015 · Kiloview · P1/P2 +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns the use of basic authentication for user login to the configuration interface of a webserver. Since encryption is disabled on port 80, this setup allows potential...

CVSS 8.8 · AI score 7.2 · EPSS 0.0013
Exploits: 0 · References: 2
CVE
added 2024/04/18 7:19 a.m. · 121 views

CVE-2024-31869

The CVE affects Apache Airflow 2.7.0–2.8.4, where an authenticated user can view sensitive provider configuration on the configuration UI if webserver.expose_config is set to non-sensitive-only; the Celery provider is noted as having sensitive configurations. Impact is information disclosure via ...

CVSS 5.3 · AI score 4.2 · EPSS 0.00048
Exploits: 0 · References: 3 · Affected Software: 1
Github Security Blog
added 2022/05/24 5:0 p.m. · 22 views

Magento 2 Community Edition RCE Vulnerability

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

CVSS 6.6 · AI score 7.7 · EPSS 0.00148
Exploits: 0 · References: 3 · Affected Software: 1