PT-2026-24033

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

CVE-2025-53118

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

CVE-2025-53118 Securden Unified PAM Authentication Bypass

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

PT-2025-34675 · Unknown · Unified Pam

Name of the Vulnerable Software and Affected Versions: Unified PAM affected versions not specified Description: An authentication bypass allows unauthenticated attackers to control administrator backup functions. Successful exploitation can lead to the compromise of passwords, secrets, and...

Arbitrary File Deletion Vulnerability in MOMOCMS

MoMoCMS is an enterprise building system developed by php+MySQL. An arbitrary file deletion vulnerability exists in the MOMOCMS 'unlink' function. Due to obtaining the within to be deleted via $GET'file' allows an attacker to delete database files backed up by the administrator...