12 matches found

RedhatCVE
added 2026/03/28 4:56 a.m. · 1 view

CVE-2026-30637

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5 CVSS · 6 AI score · 0.00232 EPSS
Exploits 1 · References 1
EUVD
added 2026/03/27 3:30 p.m. · 4 views

EUVD-2026-16642

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5 CVSS · 6 AI score · 0.00232 EPSS
Exploits 1 · References 2
NVD
added 2026/03/27 3:16 p.m. · 0 views

CVE-2026-30637

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5 CVSS · 0.00232 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/03/27 12:0 a.m. · 0 views

CVE-2026-30637

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

6 AI score · 0.00232 EPSS
Exploits 1 · References 2
Positive Technologies
added 2026/01/29 12:0 a.m. · 2 views

PT-2026-5292

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4 CVSS · 5.9 AI score · 0.00052 EPSS
Exploits 0 · References 4
OSV
added 2025/12/01 9:40 p.m. · 2 views

CVE-2025-66304 Grav Exposes Password Hashes Leading to privilege escalation

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack thes...

6.2 CVSS · 6.9 AI score · 0.00071 EPSS
Exploits 1 · References 4
Vulnrichment
added 2025/12/01 9:40 p.m. · 1 view

CVE-2025-66304 Grav Exposes Password Hashes Leading to privilege escalation

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack thes...

6.2 CVSS · 6.6 AI score · 0.00071 EPSS
Exploits 1 · References 2
OSV
added 2025/01/17 9:15 p.m. · 2 views

CVE-2024-57252

OtCMS =V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can read system files arbitrarily...

4.3 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/17 12:0 a.m. · 3 views

PT-2025-3422 · Otcms · Otcms

Name of the Vulnerable Software and Affected Versions: OtCMS versions =7.46. Description: The issue allows for Server-Side Request Forgery (SSRF) in the "/admin/read.php" API endpoint, enabling arbitrary system file reads. Recommendations: For OtCMS versions =7.46, as a temporary workaround, conside...

4.3 CVSS · 6.8 AI score · 0.00313 EPSS
Exploits 0 · References 6
CNNVD
added 2024/09/30 12:0 a.m. · 0 views

PLANET switch devices security vulnerability

PLANET switch devices are a series of switch devices from PLANET Corporation in China. A security vulnerability exists in PLANET switch devices that stems from the use of an insecure hash function that is not salted to hash user passwords. A remote attacker with administrator privileges could rea...

4.9 CVSS · 6.7 AI score · 0.00119 EPSS
Exploits 0 · References 3
OSV
added 2023/06/14 9:15 a.m. · 0 views

CVE-2023-3241

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be...

7.5 CVSS · 4.7 AI score
Exploits 0 · References 3
CNNVD
added 2023/04/25 12:0 a.m. · 2 views

Odoo security vulnerability

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in the Python language, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...

7.1 CVSS · 7.2 AI score · 0.0024 EPSS
Exploits 0 · References 5