2438 matches found
PT-2025-34972
Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier SS1 Media versions 16.0.0a and earlier Description: An inadequate encryption strength issue exists that may allow a remote, unauthenticated attacker to access a function requiring authentication...
CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...
CVE-2025-20348 Cisco Nexus Dashboard Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...
Linux Distros Unpatched Vulnerability : CVE-2020-8866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is...
Linux Distros Unpatched Vulnerability : CVE-2025-23203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several...
CVE-2025-57425
A Stored Cross-Site Scripting XSS vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...
Linux Distros Unpatched Vulnerability : CVE-2018-12482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. CVE-2018-12482 Note that...
Linux Distros Unpatched Vulnerability : CVE-2017-9774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Remote Code Execution was found in HordeImage 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. CVE-2017-9774 Note that Nessus...
CVE-2025-9131
CVE-2025-9131 (Ogulo – 360° Tour, WordPress) Vulnerability type: Stored Cross-Site Scripting via the slug parameter in all versions up to and including 1.0.11. Exploitation requires authenticated access at Contributor level or higher; attacker can inject scripts that run when pages are viewed by ...
PT-2025-34485 · Unknown · Easy Hosting Control Panel
Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel EHCP version 20.04.1.b Description: The List MySQL Databases function in Easy Hosting Control Panel EHCP is susceptible to a reflected cross-site scripting issue. Authenticated attackers can potentially execute...
CVE-2025-55731 Frappe has the possibility of Authenticated SQL Injection due to improper validations
Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15...
Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getCountMuStatDevicePropResultsFromMuListAgentIds function. The issue results from the...
Linux Distros Unpatched Vulnerability : CVE-2022-24048
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges ...
Linux Distros Unpatched Vulnerability : CVE-2022-24051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected...
Linux Distros Unpatched Vulnerability : CVE-2022-24052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges o...
Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...
Linux Distros Unpatched Vulnerability : CVE-2020-8865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is...
CVE-2025-6079
CVE-2025-6079 affects the School Management System for WordPress plugin (WordPress). It enables authenticated attackers with Student-level access or higher to upload arbitrary files due to missing file type validation in homework.php, across all versions up to 93.2.0. The vulnerability could pote...
CVE-2025-42976
SAP NetWeaver Application Server ABAP BIC Document allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can...