📄 Spectrum ANOG Device Credential Extraction / Command Injection

This Metasploit auxiliary module targets Spectrum/ANOG devices and combines credential extraction, password decryption, and remote command execution through an authenticated command injection flaw...

EUVD-2026-3536

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Oracle Analytics Cloud. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...

CVE-2026-21963

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting XSS Authenticated Date: 10th, March, 2025 Exploit Author: ABABANK REDTEAM Vendor Homepage: https://compassplustechnologies.com/ Version: 3.2.41.10.26 Tested on: Window Server 2016 1. Login to web application 2. Click on Entire...

SUSE CVE-2017-3610

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

Mangroves has a flawed logic vulnerability

Mangroves is an intelligent vehicle monitoring system. Mangroves is vulnerable to a logic flaw. An attacker can exploit the vulnerability to bypass authenticated login by constructing a cookie message...

CVE-2021-3333

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting XSS. When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link...

Improper access control

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

TIBCO Partnerexpress Authorization Issues Vulnerability

TIBCO Partnerexpress is a Php-based barcode generator by product name platform from Egavilan Media TIBCO, USA. A security vulnerability exists in TIBCO PartnerExpress 6.2.0, which stems from the REST API component containing a vulnerability that could theoretically be exploited by an...

PT-2020-16109 · Cmsuno · Cmsuno

Name of the Vulnerable Software and Affected Versions: CMSuno version 1.6.2 Description: The issue allows an attacker to inject malicious PHP code as a username while changing their username and password. After the attacker logs in to the application, their code will be executed, enabling an...

PT-2019-2937 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: The issue is related to insufficient authorization validation in the web-based management interface of Cisco Adaptive Security Appliance ASA Software...