19 matches found
CVE-2026-24381
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery. This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2025-65120
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
EUVD-2020-30809
Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly...
CVE-2020-36864 Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
PT-2025-44471
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.7.3 Description: Nagios XI versions prior to 5.7.3 have a privilege escalation issue in the getprofile.sh helper script. The script handles profile retrieval and initialization with insecure file and command...
CVE-2025-59689
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...
Linux Distros Unpatched Vulnerability : CVE-2022-1649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be...
Linux Distros Unpatched Vulnerability : CVE-2022-1452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past...
SUSE CVE-2016-8290
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633...
CVE-2022-1899
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0...
PT-2021-19538 · Mcafee · Mcafee Agent For Windows
Name of the Vulnerable Software and Affected Versions: McAfee Agent for Windows versions prior to 5.7.4 Description: The issue is related to improper privilege management in the maconfig utility for McAfee Agent for Windows. This allows a local user to gain access to sensitive information. The...
PT-2021-6459 · Unknown +1 · Jupyter Notebook +1
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.7.11; Jupyter Notebook versions prior to 6.4.1 Description: The issue is related to the incorrect filtering of special symbols in the Caja component of the Jupyter Notebook environment, allowing a remote...
Wikindx Cross-Site Scripting Vulnerability
Wikindx is a virtual research environment online bibliography and quote/notes management and article creation system. Wikindx before 5.7.0 and 6.x through 6.4.0 suffers from a cross-site scripting vulnerability that originates from the message parameter in index.php?action=initLogon or...
CVE-2020-27990
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool add agent...
PT-2019-12950 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7 Description: A PHP object instantiation issue in Shopware allows a crafted web request to trigger an arbitrary deserialization, potentially leading to remote code execution if the right class is instantiated. Th...
CVE-2017-3234
Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via SFT to compromise Automatic Service...
Red Hat CloudForms Management Engine Elevation of Privilege Vulnerability
Red Hat CloudForms Management Engine (CFME) is an IaaS (Infrastructure as a Service) cloud services solution management engine from Red Hat, Inc. An elevation of privilege vulnerability exists in Red Hat CloudForms Management Engine (CFME) versions prior to 5.7, which can be exploited by an attacker to...
Red Hat Network Satellite Cross-Site Scripting Vulnerability
Red Hat Network Satellite (RHN Satellite) is a set of system management platforms from the American company Red Hat. The platform can be used to extend the Linux infrastructure and provide system management functions such as administration, configuration and...
Spacewalk: XSS in system-group
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...