6052 matches found
PLANET UNI-NMS-Lite 信任管理问题漏洞
Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite is vulnerable to a trust management issue that can be exploited by an attacker to submit a special request that can...
SUSE CVE-2025-22115
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfscreatependingblockgroups Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in Create/Modify article function via the image title sub-field in the image field. Details Cross-site scripting or X...
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in Create/Modify article function via the image copyright sub-field in the image field. Details Cross-site scripting ...
Alkacon OpenCMS 安全漏洞
Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from the presence of stored cross-site scripting in the image parameter of the Create/Modify article function, which could lead to the execution of arbitra...
PT-2025-17444 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field. Recommendations: Fo...
CVE-2024-41446
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
Alkacon OpenCMS 安全漏洞
Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...
CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
UBUNTU-CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
SUSE CVE-2025-22042
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context...
SUSE CVE-2025-22071
In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufscreatecontext Leak fixes back in 2008 missed one case - if we are trying to set affinity and spufsmkdir fails, we need to drop the reference to neighbor...
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
GHSA-VQ95-6X79-QV8J Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2025-29708
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services...
CVE-2025-29709
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio...
PT-2025-17320 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2025-29456
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function...