CVE-2012-5898
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings...
CVE-2010-4519
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views...
CVE-2010-2268
Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts...
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
CVE-2011-1341
Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before 4.0.4.0, and Aipo for ASP before 4.0.4.0, allows remote attackers to hijack the authentication of administrators for requests that modify data...
Magnolia DX Core 6.3.8 Command Injection
Magnolia DX Core version 6.3.8 suffers from a remote command injection vulnerability. Exploit Title: Magnolia DX Core 6.3.8 - Command Injection Date: 05/16/2025 Exploit Author: tmrswrr Version: 6.3.8 Vendor home page: https://docs.magnolia-cms.com/home/ Product:...
Siemens OZW672 OS Command Injection Vulnerability
The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...
Exploit for CVE-2025-39601
CVE-2025-39601 - CSRF to RCE in WordPress Custom CSS, JS & P...
CVE-2024-10444
Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors...
Synology DiskStation Manager Trust Management Issue Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on networked storage servers (NAS) from Synology, a Chinese company. This operating system manages information such as data, files, photos, music, and other information. A trust management issue vulnerability exists in Synology...
CVE-2024-13850
The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...
CVE-2024-8160
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...
CVE-2024-33616
Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the...
CVE-2024-33616
CVE-2024-33616 affects Sharp MFPs (Sharp Multi-Function Printers). Reported issue: admin authentication can be bypassed using specific invalid credentials, allowing login with administrative privileges. The telnet feature is noted as present only on older models, with Sharp planning a firmware up...
PT-2024-38846
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection. This could lead to the ability to transfer files from or to the Axis...
CVE-2024-11006
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-6861
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API...
CVE-2024-6861 Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API...