12 matches found
CVE-2025-55717
A cleartext storage of sensitive information vulnerability (CWE-312) in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder...
CVE-2025-7329
A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation...
CVE-2025-7329
CVE-2025-7329 describes a Stored Cross-Site Scripting vulnerability in Rockwell Automation Comms-1783-NATR (industrial Ethernet translation device). The issue arises from missing filtering/encoding of user input, allowing a logged-in administrator to update configuration fields and potentially vi...
CVE-2023-28460
A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...
CVE-2025-47936 TYPO3 Vulnerable to Server Side Request Forgery via Webhooks
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target internal resources...
UBUNTU-CVE-2022-24851
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...
Arbitrary File Upload
Overview: shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Arbitrary File Upload. After logging in as an administrator, you can upload a compressed package carrying malicious files to achieve the purpose of remote code execution. Remediation: Upgrade...
CVE-2020-15182
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially...
PT-2019-9287 · WordPress · Wp All Import
Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns an XSS vulnerability via the action=evaluate endpoint. It is noted that the vendor does not consider this a vulnerability, as the plugin can only be used by a logged-in...
CVE-2018-18790
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/specialadd.php via a zxbigclassid cookie. This needs an admin user login...
CVE-2018-18784
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. This needs an admin user login...
CVE-2017-17947
A cross-site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL...