74 matches found
CVE-2026-0238
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
EUVD-2021-25547
Malware in sbrugna...
EUVD-2020-4424
Malware in sbrugna...
EUVD-2020-0249
Malware in sbrugna...
TencentOS Server 3: mailman:2.1 (TSSA-2022:0093)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0093 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2023-4939
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
Alibaba Cloud Linux 3 : 0093: mailman:2.1 (ALINUX3-SA-2022:0093)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0093 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-12108: /options/mailman in GNU...
Linux Distros Unpatched Vulnerability : CVE-2020-12108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. CVE-2020-12108 Note that Nessus relies on the presence of the package as...
CVE-2022-2527
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim...
CVE-2024-5955
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the ePolicy Orchestrator...
PT-2024-37268 · Trellix · Trellix Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator versions prior to 5.10 Service Pack 1 Update 3 Description: A cross-site scripting issue allows a remote authenticated attacker to craft requests that cause arbitrary content to be injected into the response when...
RHEL 7 : mailman (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: arbitrary content injection via the options login page CVE-2020-12108 - mailman: XSS via file...
RHEL 5 : mailman (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: Missing CSRF protection in admin web interface CVE-2016-7123 - Cross-site request forgery CSRF...
RHEL 6 : mailman (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...
CVE-2023-6072
A cross-site scripting vulnerability in Trellix Central Management CM prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard...
Cross site scripting
A cross-site scripting vulnerability in Trellix Central Management CM prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard...
PT-2024-14874 · Trellix · Trellix Central Management
Name of the Vulnerable Software and Affected Versions: Trellix Central Management versions prior to 9.1.3.97129 Description: A cross-site scripting issue allows a remote authenticated attacker to craft internal requests to the CM dashboard, causing arbitrary content to be injected into the respon...
GitLab 14.9 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-2527)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15...
Responsive Tabs < 4.0.6 - Authenticated (Contributor+) Content Injection
Description: The Responsive Tabs plugin for WordPress is vulnerable to Arbitrary Content Injection in versions prior to 4.0.6. This vulnerability makes it possible for authenticated attackers, with contributor-level permissions and above, to inject new content onto the website, possibly through th...