86 matches found
CVE-2026-42611
Grav CVE-2026-42611 is a stored XSS in Grav Core + Admin Plugin (versions around v1.7.49.5 / v1.10.49.1) that a low-privileged user can exploit via page content to exfiltrate admin context, including the admin nonce, potentially bypass CSRF protections and enable further actions on sensitive admi...
CVE-2026-42611 Grav: Stored XSS via Tag Injection
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user with the ability to create a page can cause XSS by injecting an svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visit...
Google Android suffers from unspecified vulnerability (CNVD-2026-14648)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from improper input validation of the loadDescription function in DeviceAdminInfo.java, and can be exploited by an attacker to cause a local elevation of...
CVE-2025-48645
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48645
PT Security vulnerability records PT-2026-4689, PT-2026-4690, PT-2026-4688, PT-2026-4686, PT-2026-4692, PT-2026-4684, PT-2026-4683, PT-2026-4687, PT-2026-4691 describe upcoming patch-level advisories listing CVE-2025-48645 as a High severity issue among a long list of CVEs (including CVE-2026-00x...
EUVD-2025-28299
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-50291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of th...
CVE-2023-1634
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
1000 Projects Daily College Class Work Report Book Injection Vulnerability
1000 Projects Daily College Class Work Report Book is an open source college class work report book by 1000 Projects. An injection vulnerability exists in 1000 Projects Daily College Class Work Report Book version 1.0, which originates from SQL injection due to the operation of the parameter batc...
CVE-2024-39023
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/infodeal.php?mudi=add&nohrefStr=close...
PT-2024-28352 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery (CSRF) in idccms. It can be exploited via the "admin/info deal.php" endpoint with specific parameters mudi and nohrefStr. The mudi parameter is set to rev and...
CVE-2024-39153
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infodeal.php?mudi=del&dataType=news&dataTypeCN...
idcCMS Security Breach
Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS v1.35, which originates from the component /admin/infodeal.php?mudi=del&dataType=news&dataTypeCN...
PT-2024-28365 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the component /admin/info deal.php?mudi=del&dataType=news&dataTypeCN. This issue allows for unauthorized requests to be made. The mudi, dataType, and...
idccms Security Vulnerability
Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology. A security vulnerability exists in idccms v1.35, which was discovered via the component /admin/infoWebdeal.php?mudi=rev an...
GHSA-3HWC-RQWP-V36Q Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...
DEBIAN-CVE-2023-50291
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...
PT-2024-1632 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.0.0 through 8.11.2 Apache Solr versions 9.0.0 through 9.2.x Description: The issue is related to insufficient protection of credentials in Apache Solr. One of the endpoints, "/admin/info/properties", was only set up to...