53 matches found
CVE-2026-41918
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...
CVE-2026-41918
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...
EUVD-2026-33914
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...
π GUnet OpenEclass E-learning Remote Code Execution
GUnet OpenEclass E-learning versions prior to 4.2 suffer from a remote code execution vulnerability. Exploit Title: GUnet OpenEclass E-learning platform """ def banner: printf'''YELLOW βββΈβ» β»βββΈ ββββββββββββ ββββββββββ» β»βΊβ β ββββ£βΈ βΊββΈββββββββββ£βββΊββΈββββββββββββ« β βββΈββ βββΈ βββΈββββββΈβββ βββΈβββΈβββΈ...
CVE-2026-31014
CVE-2026-31014 affects Dovestones Softwares AD Self Update
CVE-2026-24032
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
EUVD-2026-20457
Unauthenticated functionality in CoolerControl/coolercontrold 4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests...
CVE-2026-5302
CORS misconfiguration in CoolerControl/coolercontrold 4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites...
EUVD-2026-20455
Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...
CVE-2026-25340
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...
CVE-2025-13151 affecting package libtasn1 for versions less than 4.19.0-3
CVE-2025-13151 affecting package libtasn1 for versions less than 4.19.0-3. A patched version of the package is available...
WordPress Ultimate Post Kit plugin < 4.0.16 - Unauthenticated Arbitrary Post Content Disclosure vulnerability
Unauthenticated Arbitrary Post Content Disclosure vulnerability discovered by Drtime in WordPress Plugin Ultimate Post Kit versions 4.0.16...
WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...
EUVD-2025-204086
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress Mailster mailster allows Reflected XSS.This issue affects Mailster: from n/a through 4.1.14...
WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by JoΓ£o Pedro S AlcΓ’ntara Kinorth in WordPress Theme ekommart versions 4.3.1...
CVE-2025-40831
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report...
CVE-2025-40830
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...
PT-2025-49845
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...
PT-2025-49835
A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...
EUVD-2024-29852
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...