CVE-2026-0238
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
EUVD-2021-25547
Malware in sbrugna...
EUVD-2020-4424
Malware in sbrugna...
EUVD-2020-0249
Malware in sbrugna...
TencentOS Server 3: mailman:2.1 (TSSA-2022:0093)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0093 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2023-4939
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
Alibaba Cloud Linux 3 : 0093: mailman:2.1 (ALINUX3-SA-2022:0093)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0093 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-12108: /options/mailman in GNU...
Linux Distros Unpatched Vulnerability : CVE-2020-12108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. CVE-2020-12108 Note that Nessus relies on the presence of the package as...
CVE-2022-2527
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim...
CVE-2024-5955
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the ePolicy Orchestrator...
PT-2024-37268 · Trellix · Trellix Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator versions prior to 5.10 Service Pack 1 Update 3 Description: A cross-site scripting issue allows a remote authenticated attacker to craft requests that cause arbitrary content to be injected into the response when...
RHEL 7 : mailman (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: arbitrary content injection via the options login page CVE-2020-12108 - mailman: XSS via file...
RHEL 6 : mailman (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...
RHEL 5 : mailman (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: Missing CSRF protection in admin web interface CVE-2016-7123 - Cross-site request forgery CSRF...
CVE-2023-6072
A cross-site scripting vulnerability in Trellix Central Management CM prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard...
Cross site scripting
A cross-site scripting vulnerability in Trellix Central Management CM prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard...
PT-2024-14874 · Trellix · Trellix Central Management
Name of the Vulnerable Software and Affected Versions: Trellix Central Management versions prior to 9.1.3.97129 Description: A cross-site scripting issue allows a remote authenticated attacker to craft internal requests to the CM dashboard, causing arbitrary content to be injected into the respon...
GitLab 14.9 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-2527)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15...
WP Content Pilot – Autoblogging & Affiliate Marketing Plugin < 1.3.4 - Authenticated (Contributor+) Content Injection
Description: The WP Content Pilot plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.3. This vulnerability makes it possible for authenticated attackers, with contributor access or higher to inject new content onto the website, possibly through...