CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler)
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...
CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
PT-2026-39503
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
CVE-2026-35411 Directus is an Open Redirect in Admin 2FA Setup Page
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Summary: According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...
Lexmark Printers Improper Authentication (CVE-2021-44736)
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the out-of-service erase feature. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EUVD-2020-22670
Malware in sbrugna...
EUVD-2018-18273
Malware in sbrugna...
EUVD-2020-10583
Malware in sbrugna...
PT-2025-33441 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection vulnerability exists in itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is located in an unknown function within the...
TRENDnet TV-IP121W Authorization Issue Vulnerability
TRENDnet TV-IP121W is a night vision wireless camera from Trendnet. An authorization issue vulnerability exists in TRENDnet TV-IP121W version 1.1.1 Build 36, which stems from improper authentication in the file /admin/setup.cgi...
CVE-2024-21081
Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Partner...
CVE-2020-18659
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php...
CVE-2024-8584
Orca HCM from LEARNING DIGITAL has a Missing Authentication vulnerability, allowing an unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in...
PT-2024-4898 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Attribute Admin Setup component of Oracle Partner Management. This allows an unauthenticated attacker with netwo...
Lexmark Authorization Issue Vulnerability
Lexmark is a family of printers from the United States. An authorization issue vulnerability exists in Lexmark devices, arising from the product's initial administrative account setup wizard allowing unauthenticated access to the out-of-service erase function...
CVE-2021-2195
Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracl...