7 matches found
CVE-2025-62425
MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2024-22638
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/editdesignerregion.php or /livesite/addemailcampaign.php...
PT-2024-19514 · Livesite · Livesite
Name of the Vulnerable Software and Affected Versions: liveSite version 2019.1. Description: The issue is related to a remote code execution (RCE) via the components "/livesite/edit designer region.php" or "/livesite/add email campaign.php". Recommendations: For liveSite version 2019.1, at the momen...
CVE-2024-22638
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/editdesignerregion.php or /livesite/addemailcampaign.php...
FormCraft < 1.2.7 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). There are two XSS issues: Example A: ...
CVE-2018-17388
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to logincheck.php, or the id parameter to addemail.php or editcontent.php...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15889)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the "Add Email Alert" method in Quest DR Series Disk Backup Software versions prior to 4.0.3.1. An attacker could exploit this vulnerability to execute system commands...