CVE-2025-9240

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVE-2025-9240 elunez eladmin info information disclosure

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

PT-2025-34145 · Elunez · Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A security flaw has been discovered in elunez eladmin up to version 2.7. This issue affects an unknown functionality of the file /auth/info. Manipulation of this functionality results in...

ELADMIN 安全漏洞

ELADMIN is a backend management system for elunez individual developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from insufficient authentication of access to the /auth/info file, which can be exploited by remote attackers to disclose information...

Linux Distros Unpatched Vulnerability : CVE-2020-14553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 5.7.30 and prior and 8.0.2...

Linux Distros Unpatched Vulnerability : CVE-2024-52946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication leve...

CVE-2025-51543

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/resetpassword endpoint...

CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization

A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...

Low: nginx

Issue Overview: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server...

Trend Micro Apex One Multiple Vulnerabilities (KA-0020652)

According to its self-reported version, the Trend Micro application running on the remote Windows host is Apex One prior to SP1 Server Build 14081 and Agent Build 14081. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability in Trend Micro Apex One...

Linux Distros Unpatched Vulnerability : CVE-2017-10155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.6.37 and earlier an...

CVE-2025-51506

In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...

CVE-2025-33100

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

Linux Distros Unpatched Vulnerability : CVE-2021-41303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to...

CVE-2025-8361 Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...

PT-2025-33435 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions prior to 3.5.1 Description: A vulnerability was found in mtons mblog up to version 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of...

UBUNTU-CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

Linux Distros Unpatched Vulnerability : CVE-2023-0122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service D...

Linux Distros Unpatched Vulnerability : CVE-2025-38089

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVCGARBAGE during svc auth processing as auth error tianshuo han reported a...