21 matches found
CVE-2026-34724
Zammad (web-based helpdesk) contains a server-side template injection vulnerability leading to remote code execution via the AI Agent, present before version 7.0.1. The impact is restricted to environments where an attacker can influence type_enrichment_data (typically high-privilege administrati...
EUVD-2019-11473
Malware in sbrugna...
CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
DRUPAL-CONTRIB-2024-071
This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...
GHSA-QHMJ-29VH-8MJM Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...
Cross site request forgery (csrf)
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...
GHSA-C445-XM3F-HMFH Incorrect permission check in Health Advisor by CloudBees Plugin
Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view an administrative configuration page. Health Advisor by CloudBees Plugin 3.2.1 requires Overall/Administer to view its...
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...
Design/Logic Flaw
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...
PT-2021-12112 · Unknown · Susi.Ai Server
Name of the Vulnerable Software and Affected Versions: SUSI.AI Server versions prior to d27ed0f. Description: The issue is due to insufficient input validation, leading to a directory traversal vulnerability. This allows an attacker to retrieve any admin config and file readable by the app...
Unspecified Vulnerability in Scytl sVote
Scytl sVote is a Spanish Scytl open source application that lets voters vote online. A security vulnerability exists in Scytl sVote 2.1, which can be exploited by an attacker to retrieve the administrative configuration by sending a POST request to the sdm-ws-rest pre-configured URI...
CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
Authentication flaw
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...
Scytl sVote Access Control Error Vulnerability
Scytl sVote is a Spanish Scytl open source application that lets voters vote online. A security vulnerability exists in Scytl sVote 2.1, which can be exploited by an attacker to retrieve the administrative configuration by sending a POST request to the sdm-ws-rest pre-configured URI...
loklak path traversal vulnerability
Loklak Server is a server-side application from the Loklak team for collecting text information from multiple sources. loklak suffers from a path traversal vulnerability that stems from insufficient input validation leading to a directory traversal vulnerability. An attacker can exploit this...
Abyss Web Server 1.0 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4466/info Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux. It is possible for a remote attacker to...
Alice Gate2 Plus Wi-Fi Router - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/27374/info Alice Gate2 Plus Wi-Fi routers are prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to alter administrative configuration on affected devices...
Abyss Web Server 1.0 - File Disclosure
source: https://www.securityfocus.com/bid/4466/info Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux. It is possible for a remote attacker to disclose the contents of arbitrary...