
12 matches found

EUVD
added 2026/05/14 6:44 a.m. · 2 views

EUVD-2026-30250

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

CVSS 8.2 · AI score 5.9 · EPSS 0.00039
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-0191

Malware in sbrugna...

CVSS 9.9 · AI score 9.1 · EPSS 0.00846
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-20344

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00443
Exploits 1 · References 3

RedhatCVE
added 2025/05/22 3:28 p.m. · 5 views

CVE-2020-27848

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user mus...

CVSS 8.8 · AI score 7.6 · EPSS 0.00443
Exploits 1

OSV
added 2024/11/21 11:15 p.m. · 0 views

CVE-2024-52052

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution...

CVSS 7.2 · AI score 6
Exploits 0 · References 2

Positive Technologies
added 2023/03/27 12:0 a.m. · 2 views

PT-2023-21868 · Apiman · Apiman

Name of the Vulnerable Software and Affected Versions: Apiman versions prior to 3.1.0.Final

Description: Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may gain access to API keys they do not have permission for if they correctly guess the URL, which...

CVSS 6.4 · AI score 4.5 · EPSS 0.00133
Exploits 0 · References 7

NVD
added 2020/12/30 7:15 p.m. · 11 views

CVE-2020-27848

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user mus...

CVSS 8.8 · AI score 8.9 · EPSS 0.00443
Exploits 1 · References 2

Prion
added 2020/12/30 7:15 p.m. · 11 views

Sql injection

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user mus...

CVSS 6.5 · AI score 8.8 · EPSS 0.00443
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2020/12/30 6:24 p.m. · 14 views

CVE-2020-27848

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user mus...

AI score 8.9 · EPSS 0.00443
Exploits 1 · References 2

Mageia
added 2014/07/26 12:52 p.m. · 39 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action (CVE-2014-4046). Asterisk Open...

CVSS 6.5 · AI score 7 · EPSS 0.03038
Exploits 0 · References 5

NVD
added 2014/06/17 2:55 p.m. · 17 views

CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...

CVSS 6.5 · AI score 7.1 · EPSS 0.01378
Exploits 0 · References 3

Tenable Nessus
added 2011/04/22 12:0 a.m. · 30 views

FreeBSD : Asterisk -- multiple vulnerabilities (3c7d565a-6c64-11e0-813a-6c626dd55a41)

The Asterisk Development Team reports : It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the 'Async' header with the 'Application' header during an Originate action, allows authenticat...

CVSS 5 · AI score 5.7 · EPSS 0.00147
Exploits 0 · References 4