CVE-2023-53914

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVE-2023-53923

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with fu...

CVE-2019-25229

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVE-2019-25229 Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVE-2019-25229

CVE-2019-25229 concerns Kentico Xperience MVC Forms Unrestricted File Upload. Multiple connected sources describe an issue where authenticated users with only the 'Read data' permission can upload arbitrary file types through the MVC form file uploader components, by manipulating file names, enab...

usb: gadget: udc: fix use-after-free in usb_gadget_state_work

...

CVE-2025-14701

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

CVE-2025-14700

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

EUVD-2023-60208

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with fu...

EUVD-2023-60216

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

PT-2025-52295

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVE-2023-53914

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVE-2023-53923

UliCMS 2023.1 is affected by a privilege‑escalation vulnerability in the UserController endpoint. An unauthenticated attacker can issue a crafted POST to /dist/admin/index.php to create a new admin account with full system access. Documents identify the vulnerable component and impact (unrestrict...

CVE-2023-53923 UliCMS 2023.1 Privilege Escalation via Unauthenticated Admin Account Creation

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with fu...

CVE-2023-53914

CVE-2023-53914 affects UliCMS 2023.1. An authentication bypass exists due to mass assignment in the UserController, enabling unauthenticated attackers to create admin users by sending a crafted POST to the admin/index.php endpoint with specific parameters, yielding full system access. Root cause:...

Exploit for CVE-2025-14700

CVE-2025-14700 POC Automatic exploit for Authentic...

EUVD-2025-203903

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-14727 NGINX Ingress Controller vulnerability

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...