253 matches found
EUVD-2026-43140
The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-50742
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-50742
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-34912
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
EUVD-2026-38501
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
CVE-2026-34912
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
CVE-2026-34912
Affected software: Revive Adserver ≤ 6.0.6. Vulnerability: Missing access control when linking banners or campaigns to a zone via zone-include.php or the API. Impact (as stated): A low-privileged user could link zones to banners/campaigns owned by other managers on the same instance, causing inco...
CVE-2026-48108 Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...
CVE-2026-48108
Russh (Rust SSH client/server library) prior to 0.61.0 allowed non-canonical client identification and did not bound pre-banner input on the server side, enabling malformed pre-auth identification to potentially exhaust connection resources. The issue affects versions 0.34.0-beta.1 through before...
CVE-2025-31975
HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...
WordPress plugin CM Ad Changer 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Vulnerability-Exploit-Correlation-Engine
Vulnerability-Exploit-Correlation-Engine Passive-analysis CLI...
EUVD-2025-209690
HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...
CVE-2025-31975
HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...
CVE-2025-31975
Technical details about CVE-2025-31975 are not publicly available in the provided documents. The sources describe an information disclosure via server banners but do not specify affected versions, root cause, exploitability, or remediation. Monitor for updates.
CVE-2025-31975 HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.
HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...
PT-2026-37632
HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...
Global Web, Local Privacy? an International Review of Web Tracking
Web tracking by ad networks, social networks, and other third parties is privacy-invasive. To protect users' privacy an increasing number of countries are adopting new privacy laws. However, a major reason why their application on the web is so challenging is that privacy laws are local while the...
Revive Adserver: Missing access control when linking banners or campaigns to zones
A missing access control check was identified when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API. This could have allowed a low-privileged user to link their zones to banners or campaigns owned by other managers on...
CVE-2019-25643
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...