CVE-2026-40041
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
CVE-2025-52692
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials...
EUVD-2019-8666
Malware in sbrugna...
CVE-2020-26829
SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...
Elite Graphix Elite Cms SQL Injection Vulnerability
eliteCMS is a popular content management system. A SQL injection vulnerability exists in eliteCMS /admin/functions/functions.php, which can be exploited by remote attackers to submit a special SQL request to manipulate the database, obtain sensitive information or execute arbitrary code...
Critical Bugs Open Food-Safety Systems to Remote Attacks
Two critical vulnerabilities in a food-quality management software package would allow adversaries to completely compromise the system. The issues affect the AK-EM 800 product from SCADA vendor Danfoss. It’s an enterprise management solution for the food retail industry that provides a central...
Microsoft Windows Task Management Privilege Elevation Vulnerabilities (3089657)
This host is missing an important security update according to Microsoft Bulletin MS15-102...
Home Hacking Made Simple
SEATTLE–Like most security researchers, David Jacoby is naturally curious about how things work, and whether they can be made to do things they weren’t meant to do. Sitting at home in Sweden a few months ago, he looked at all of the Web-enabled devices in his house–TV, game console, network stora...
CVE-2006-3935
Alkacon OpenCms before 6.2.2 has improper access control in system/workplace/views/admin/admin-main.jsp, allowing remote authenticated users to perform six admin actions (broadcast messages, list users, add webusers, upload import/export files, upload modules, read the log file) by manipulating t...
Informix Webdriver 1.0 - Remote Administration Access
source: https://www.securityfocus.com/bid/2166/info Informix Webdriver, the web-to-DB interface used by Informix database products, may permit unauthorized remote access to the system's administration functions. Under very specific circumstances, if webdriver is called directly, without any...