16 matches found
OpenC3 COSMOS - Hijacked session token can be used to reset password for persistence
Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...
UBUNTU-CVE-2026-23921
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...
CVE-2026-24038
Horilla HRMS has a 2FA bypass in version 1.4.0 due to a flawed OTP equality check: when OTP expires, the server returns None and omitting the otp field makes user_otp == otp pass, bypassing 2FA. Administrative accounts risk data compromise; fixed in version 1.5.0. Remediation: upgrade to 1.5.0 or...
PT-2026-1125
Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source Laravel eCommerce platform, has an issue where API routes remain active even after the initial installation is complete. The API endpoints /install/api/ are directly accessib...
PT-2025-44439
Name of the Vulnerable Software and Affected Versions JATOS versions 3.7.1 through 3.9.6 Description A Reflected Cross-Site Scripting XSS issue exists in JATOS. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the code URL...
CVE-2025-60954
CVE-2025-60954 affects Microweber CMS 2.0, where the password reset flow enforces no minimum length or complexity, allowing extremely weak (even single-character) passwords and risking account compromise, including admin accounts. The vulnerability surface is the password reset process in Microwe...
CVE-2025-61319
ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...
EUVD-2020-18381
Malware in sbrugna...
EUVD-2024-37899
Malicious code in bioql PyPI...
CVE-2025-4334
The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to registe...
CVE-2025-32015 FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc>
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the attribute, which leads to cross-site scripting XSS by loading an attacker's UserJS inside . In order to execute the attack, the attacker needs to control one of the victim's feeds and...
CVE-2025-31136 FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting XSS issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
PLANET WGS-804HPT和PLANET WGS-4215-8T2S 访问控制错误漏洞
PLANET WGS-804HPT and PLANET WGS-4215-8T2S are both products of PLANET China.PLANET WGS-804HPT is an innovative industrial-grade 8-port 10/100/1000T wall-mounted managed switch.PLANET WGS-4215-8T2S is an innovative industrial-grade PLANET WGS-4215-8T2S is an innovative industrial grade 8-port...
PT-2024-31859
Name of the Vulnerable Software and Affected Versions Contao version 5.4.1 Description The issue allows an authenticated admin account to upload a SVG file containing malicious javascript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site...
PT-2024-26955 · WordPress · Hl Twitter Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18 Description: The issue concerns a lack of CSRF check when unlinking Twitter accounts, potentially allowing attackers to make logged-in admins perform such actions via a CSRF attack...
UBUNTU-CVE-2019-12385
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches even guest users can dump any data contained in the database sessions, hashed passwords, etc.. This may lead to a full compromise of...