EUVD-2021-30801

Malicious code in bioql PyPI...

CVE-2022-41612

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Shareaholic Similar Posts plugin = 3.1.6 versions...

CVE-2022-44594

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Codebangers All in One Time Clock Lite plugin = 1.3.320 versions...

CVE-2020-13963

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...

PT-2023-25189 · Serv-U · Serv-U

Name of the Vulnerable Software and Affected Versions: Serv-U version 15.4 Description: A vulnerability has been identified that allows an actor to bypass multi-factor or two-factor authentication. The actor must have administrator-level access to perform this action. Recommendations: For Serv-U...

CVE-2020-5414

VMware Tanzu Application Service for VMs 2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7 contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are...

EUVD-2022-3116

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in th...