13 matches found
CVE-2026-8676
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond...
EUVD-2026-31969
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond...
zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c
It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...
VulnCheck KEV: CVE-2021-4444
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2022-45539
EyouCMS = 1.6.0 was discovered to contain a reflected XSS in the FileManager component via the GET value "activepath" when creating a new file...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
CVE-2018-15848
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true...
CVE-2018-14959
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI...
CVE-2017-2661
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster...
Localize: Full Path Disclosure / Info Disclosure in Creating New Group
Hi, I found another information disclosure vulnerability/Full Path Disclosure on your application. This time it's on the Creating New Group section. Proof of Concept: GET : http://www.localize.io/pages/createproject/ project ID POST CONTENT: CSRFToken=TOKEN...
Moodle Session Fixation Vulnerability
This host is running Moodle and is prone to a session fixation vulnerability. OpenVAS Vulnerability Test $Id: gbmoodlesessionfixationvuln.nasl 5323 2017-02-17 08:49:23Z teissa $ Moodle Session Fixation Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
Fa-Ads (Auth Bypass) Vulnerability
Exploit for php platform in category web applications. Fa-Ads Auth Bypass Vulnerability | Title : Fa-Ads Auth Bypass Vulnerability | Author...