13 matches found
CVE-2026-3495
Mattermost versions 11.5.x <= 11.5.1 and 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition, which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...
SQL Injection
Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to SQL Injection in the update method in Configuration.php. A user with 'Configuration Edit' permissions can execute arbitrary SQL commands by submitting...
MAL-2025-189372 Malicious code in scale-phi-deserialize-nu-sed (npm)
Source: amazon-inspector 3da7cfb294f277c58d7e8fe6484b55c4210fc860ea9b97bd8165568c264fb168. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176725 Malicious code in nuilva-buyavadia-manaha (npm)
Source: amazon-inspector 5cc8dfa25a904495c182f30031a98538af51c7166b0af7134f14fd3c751b3220. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in colonial_starfish_z3n (npm)
Source: amazon-inspector 181703f457f49bbc40ca65086573a13d6f58e16bba4fedd92bbcebbd6a092a3c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cindy-keripik91-breki (npm)
Source: amazon-inspector 9f0952fa25d01dc8ba75b5b5ceb037392391d3fde630ae9acf9cd9c9cf2c134e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-47286
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...
PT-2025-46182
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13; Combodo iTop versions prior to 3.2.2. Description: Combodo iTop is a web-based IT service management tool. An administrator can execute code on the server by editing the configuration of the iTop instance in...
CVE-2025-11195 Rapid7 AppSpider Project Name Validation Bypass
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2022-47506 SolarWinds Platform Directory Traversal Vulnerability
SolarWinds Platform was susceptible to a directory traversal vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands...
GHSA-668Q-QRV7-99FM Deserialization of Untrusted Data in logback
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows arbitrary code loaded from LDAP servers to be executed...
XFINITY Gateway Technicolor DPC3941T Cross Site Request Forgery
Exploit Title: CSRF in XFINITY Gateway product Technicolor (previously Cisco) DPC3941T. Date: 12/12/2016. Exploit Author: Ayushman Dutta. Version: dpc3941-P20-18-v303r20421733-160413a-CMCST. CVE: CVE-2016-7454. The device DPC3941T is vulnerable to CSRF and has no security on the entire admin panel for it...
ownCloud: SMB User Authentication Bypass and Persistence
Authentication Bypass: The external user authentication app in ownCloud does not properly authenticate against an SMB server. In its current implementation, the file owncloud/apps/userexternal/lib/smb.php, lines 46-47, uses the command smbclient -L //host/dummy -Uuser%pass, where...