CVE-2026-34758
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...
1millionbot Millie chatbot security vulnerability
1millionbot Millie chatbot is a chatbot system provided by the Spanish company 1millionbot, capable of offering intelligent dialogue and automated customer service capabilities. There is a security vulnerability in 1millionbot Millie chatbot, which stems from the possibility for users to use...
EUVD-2019-4377
Malware in sbrugna...
Command injection
Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate users' credentials...
CVE-2022-34888
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect...
CVE-2022-2837
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. Mitigation - Add a default admission controller to prevent the creation of projects or...
Design/Logic Flaw
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins: organization admins have the inherent ability to reset passwords for all of their organization's users. This, however, could be abused in a situation where the host organization of an instance...
CVE-2019-12794
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins: organization admins have the inherent ability to reset passwords for all of their organization's users. This, however, could be abused in a situation where the host organization of an instance...
RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack...
ExpressionEngine: Filename and directory enumeration
Hello, The "Import File Converter" can be abused by an admin to map the server directories and files, because the "File location" field doesn't sanitize the user input and allows access to root directories and files. Steps to reproduce: 1- Go to...
Geeklog 1.6.0sr1 - Arbitrary File Upload
Geeklog 1.6.0sr1 - Arbitrary File Upload ============================================================================== Geeklog = v1.6.0sr1 - Remote Arbitrary File Upload Software Site: http://www.geeklog.net Dork: "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml...
Geeklog 1.6.0sr1 File Upload
============================================================================== Geeklog with the URL of the Geeklog site. Opens an interactive browser session where you can create directories and upload files. This also exposes all the files in the images/Library/File|Image|Media|Flash directories...
Geeklog <= 1.6.0sr1 - Remote Arbitrary File Upload
============================================================================== Geeklog = v1.6.0sr1 - Remote Arbitrary File Upload Software Site: http://www.geeklog.net Dork: "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml...
MDaemon 5.0.5 authentication vulnerability
Hello, There is a security problem on MDaemon 5.0.5 (maybe other versions are affected as well) regarding SMTP authentication. A blank password authenticates any valid user: For primary domain: User: VALIDUSER or [email protected] Password: blank password For secondary domains: User:...