6142 matches found
CVE-2026-4420
Summary: CVE-2026-4420 affects Bludit with a Stored XSS in the “page creating” flow. An authenticated user with page-creation privileges (Author/Editor/Admin) can insert a malicious script into the tags field when creating an article. The payload executes when a victim visits the uploaded resourc...
PYSEC-2026-170
In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...
Exploit for CVE-2026-39324
CVE-2026-39324 Rack::Session::Cookie decrypt failure falls...
MRCMS 安全漏洞
MRCMS is a content management system developed by Marker individuals. Version MRCMS 3.1.2 has a security vulnerability, which stems from improper access control. This vulnerability could allow unauthorized users to add super administrator accounts without authentication...
SUSE CVE-2026-34386
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...
CVE-2019-25675
CVE-2019-25675 concerns the eDirectory product, affecting all versions per title, with multiple SQL injection vulnerabilities. The root cause is unparameterized SQL in the login flow, allowing unauthenticated attackers to bypass administrator authentication by injecting SQL into the key parameter...
EUVD-2018-21730
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests...
PT-2026-30345
Name of the Vulnerable Software and Affected Versions Visitor Traffic Real Time Statistics plugin for WordPress versions up to and including 8.4 Description The Visitor Traffic Real Time Statistics plugin for WordPress is susceptible to Stored Cross-Site Scripting through the page title parameter...
CVE-2018-25236
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests...
CVE-2017-20234
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2017-20235
CVE-2017-20235 affects ProSoft Technology ICX35-HWC gateways (firmware version 1.3 and earlier). The issue is an authentication bypass in the web user interface that lets unauthenticated attackers access administrative functions and full device configuration without valid credentials. Affected co...
CVE-2017-20235 ProSoft Technology ICX35-HWC Authentication Bypass
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20235 ProSoft Technology ICX35-HWC Authentication Bypass
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20234 GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2017-20234
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2016-15058
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...
CVE-2016-15058 Hirschmann HiLCOS Classic Platform Password Exposure via SNMP
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...
CVE-2026-34990
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...
PT-2026-30246
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...
PT-2026-30262
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests...