29 matches found
CVE-2026-27685
SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...
CVE-2025-15250 08CMS Novel System Template mtpls.inc.php code injection
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...
EUVD-2013-6717
Malware in sbrugna...
EUVD-2017-7088
Malware in sbrugna...
EUVD-2012-3172
Malware in sbrugna...
EUVD-2023-26845
Malicious code in bioql PyPI...
CVE-2025-30086
CVE-2025-30086 affects CNCF Harbor: Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 are vulnerable to an ORM leak via the /api/v2.0/users endpoint. The q URL parameter lets an administrator filter by any column and abuse password=~ to leak a user’s password hash and salt character by charact...
org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=7.0.25), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=7.0.25) +15 more potentially affected by CVE-2024-9343 via org.glassfish.main.admingui:console-common (>=3.1.2 <=7.0.25)
org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =7.0.25 and more Source cves: CVE-2024-9343 Source advisory: OSV:GHSA-MQXX-C43H-JJ9V...
CVE-2018-18694
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases...
CVE-2025-29602
FlatPress 1.3.1 is vulnerable to cross-site scripting (XSS) in the Administration area via Manage categories...
PT-2025-14081 · WordPress · Gutentor
Name of the Vulnerable Software and Affected Versions: The Gutentor WordPress plugin versions prior to 3.4.7 Description: The issue allows admins to perform SQL injection attacks due to the lack of sanitization and escaping of a parameter before using it in a SQL statement. Recommendations: For...
CVE-2022-40602
A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00ABLG.6C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator...
CVE-2024-54792
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in to, like adding, editing or deleting users...
Siemens SIMATIC RTLS Locating Manager Incorrectly Assigns Critical Resource Privileges Vulnerability
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...
CVE-2017-20110
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely...
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS vulnerability in the administration. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overvi...
Cross site scripting
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS vulnerability in the administration. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overvi...
SQL Injection Vulnerability in Myeye Backend Administration (CNVD-2021-32780)
Myeye is a monitoring and control system. A SQL injection vulnerability exists in the backend administration of Myeye. An attacker can exploit the vulnerability to obtain sensitive database information...
Arbitrary File Download Vulnerability in Videoconferencing Enterprise Edition Server Administration Backend
Videoconferencing Enterprise Edition Server Management Backend is a web-based videoconferencing product. An arbitrary file download vulnerability exists in the Video Conferencing Enterprise Edition server administration backend, which can be exploited by attackers to obtain sensitive information...
HPE Integrated Lights Out 4 and 5 for Gen Denial of Service Vulnerability
HPE Integrated Lights-Out 4 (iLO 4) and Integrated Lights-Out 5 (iLO 5) are both embedded server management technologies from Hewlett Packard Enterprise (HPE) that use an integrated remote management port to monitor and maintain the server operation, remote control of the server, and more through an...