10 matches found
CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys
Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...
CVE-2025-68788
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...
CVE-2025-68788
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...
PT-2025-44671
Name of the Vulnerable Software and Affected Versions Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2 Description The Summer Pearl Group Vacation Rental Management Platform is affected by inadequate server-side authorization. Authenticated attackers can access and...
GHSA-V4J2-CWMM-XG89 OpenCart Path Traversal vulnerability
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...
Hard-coded credential vulnerability in multiple Philips products
Philips PageWriter TC10 Cardiograph and others are different models of electrocardiograph equipment from Philips Netherlands. A security vulnerability exists in a number of Philips products that stems from the program's use of hard-coded credentials. An attacker in close physical proximity could...
Admin Bot - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/50562/info Admin Bot is prone to an SQL Injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
CodeWidgets Web Based Alpha Tabbed Address Book - index.asp SQL Injection
CodeWidgets Web Based Alpha Tabbed Address Book - index.asp SQL Injection source: https://www.securityfocus.com/bid/26193/info CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in...
DSLogin 1.0 - index.php Multiple SQL Injections
DSLogin 1.0 - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/17262/info DSLogin is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...