40 matches found

GithubExploit
added 2026/03/31 4:7 p.m. · 108 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

🔓 CVE-2026-3055 - Citrix NetScaler Memory Overread Exploit !...

9.8 CVSS · 7.3 AI score · 0.89787 EPSS
Exploits 7

RedhatCVE
added 2026/03/04 1:57 a.m. · 2 views

CVE-2025-52470

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...

4.8 CVSS · 5.7 AI score · 0.00059 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 11:29 a.m. · 4 views

CVE-2021-27903

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes if an attacker were somehow able to hijack an administrator's session...

9.8 CVSS · 7.4 AI score · 0.03824 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-18653

Malware in sbrugna...

9 CVSS · 8.6 AI score · 0.05068 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-3798

Malware in sbrugna...

6.5 CVSS · 6.6 AI score · 0.00415 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-3230

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00728 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-30027

Malicious code in bioql PyPI...

4.3 CVSS · 4.8 AI score · 0.00112 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 1:43 a.m. · 2 views

CVE-2023-43742

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function...

9.8 CVSS · 7.5 AI score · 0.0009 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/07/31 1:16 p.m. · 10 views

CVE-2024-31200

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser...

4.2 CVSS · 6.8 AI score · 0.00081 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/07/31 12:0 a.m. · 2 views

PT-2024-23844 · Plug&Track +1 · Sensor Net Connect V2 +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified
Description: The issue allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser. This is due to the insertion o...

4.6 CVSS · 6.7 AI score · 0.00081 EPSS
Exploits 0 · References 5

NVD
added 2023/12/08 1:15 a.m. · 7 views

CVE-2023-43742

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function...

9.8 CVSS · 0.0009 EPSS
Exploits 0 · References 1

Prion
added 2023/12/08 1:15 a.m. · 17 views

Authentication flaw

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function...

7.5 CVSS · 7.7 AI score · 0.0009 EPSS
Exploits 0 · References 1 · Affected Software 6

Tenable Nessus
added 2023/02/24 12:0 a.m. · 34 views

Fortinet FortiWeb Padding oracle in cookie encryption (FG-IR-21-126)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-126 advisory. - An improper verification of cryptographic signature vulnerability (CWE-347) in FortiWeb 6.4 all versions, 6.3.16 and below, 6....

4.3 CVSS · 5.2 AI score · 0.00112 EPSS
Exploits 0 · References 2

F5 Networks
added 2023/02/21 8:2 p.m. · 13 views

K61045143: Configuration utility CSRF vulnerability

Security Advisory Description: A cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, may allow a malicious site to force an administrative session to log out and require re-authentication. Impact: A remote...

6.7 AI score
Exploits 0 · Affected Software 14

Cvelist
added 2023/02/16 6:5 p.m. · 14 views

CVE-2021-43074

An improper verification of cryptographic signature vulnerability (CWE-347) in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and...

4.3 CVSS · 5 AI score · 0.00112 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/02/16 6:5 p.m. · 11 views

CVE-2021-43074

An improper verification of cryptographic signature vulnerability (CWE-347) in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and...

4.3 CVSS · 6.8 AI score · 0.00112 EPSS
Exploits 0 · References 1

Fortinet
added 2023/02/16 12:0 a.m. · 56 views

Protect

An improper verification of cryptographic signature vulnerability (CWE-347) in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter...

4 CVSS · 5 AI score · 0.00112 EPSS
Exploits 0 · Affected Software 4

CNNVD
added 2023/01/17 12:0 a.m. · 1 views

Shopware code issue vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A code issue exists in Shopware where a vulnerability exists because the administrative session expiration date is set to one week, which allows an attacker to use the session for a long period of time if the...

9.8 CVSS · 8.5 AI score · 0.00407 EPSS
Exploits 0 · References 4

NVD
added 2021/10/19 7:15 p.m. · 7 views

CVE-2021-31373

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web...

8 CVSS · 0.0028 EPSS
Exploits 0 · References 1

CVE
added 2021/06/21 10:59 a.m. · 51 views

CVE-2021-31769

CVE-2021-31769 affects MyQ X Smart prior to 8.2. The vulnerability allows remote code execution because administrative session data can be read from %PROGRAMFILES%\MyQ\PHP\Sessions, and the non‑administration‑restricted “Select server file” feature enables attackers to inject arbitrary OS command...

9 CVSS · 8.9 AI score · 0.05068 EPSS
Exploits 1 · References 1 · Affected Software 1