82291 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-36365
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage...
CVE-2026-25137
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
CVE-2025-70958
Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...
CVE-2026-25137 NixOs Odoo database and filestore publicly accessible with default odoo configuration
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...
CVE-2026-25137
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...
CVE-2026-25137 NixOs Odoo database and filestore publicly accessible with default odoo configuration
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...
CVE-2026-25137
CVE-2026-25137 concerns the NixOS Odoo package, where from 21.11 to before 25.11 and 26.05, Odoo setups publicly expose the database manager without authentication. This permits unauthorized actors to delete and download the entire database, including the file store, with access evident from HTTP...
CVE-2026-25137 NixOs Odoo database and filestore publicly accessible with default odoo configuration
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...
CVE-2026-25137
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...
GHSA-8478-RMJG-MJJ5 Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration
Summary A stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script execution. If a user has database backup utility permissions which do not require an elevated session, an...
Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration
Summary A stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script execution. If a user has database backup utility permissions which do not require an elevated session, an...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ExploitAtlas A full-stack Rust application for CVE intelligen...
CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...
CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...
CVE-2025-12680
CVE-2025-12680 affects Brocade SANnav prior to version 2.4.0b. In the event of disaster-recovery failover, the standby SANnav server logs database passwords in clear text, enabling a remote authenticated attacker with admin privileges to read the passwords from SANnav logs or the supportsave. The...
CVE-2026-23476
Summary: CVE-2026-23476 affects FacturaScripts prior to 2025.8, due to a reflected XSS in error messages rendered with Twig’s raw filter. The bug arises when a database error includes user input (e.g., via the code parameter in endpoints like /EditProducto?code=) and the template Core/View/Macro/...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
FacturaScripts is Vulnerable to Reflected XSS
Reflected XSS via SQL Error Messages Summary A reflected XSS bug has been found in FacturaScripts. The problem is in how error messages get displayed - it's using Twig's | raw filter which skips HTML escaping. When a database error is triggered like passing a string where an integer is expected,...
Important Notice: Preserving Free Access While Evolving the Wordfence Intelligence Vulnerability API
Update: Thanks to all of our readers who pointed out the incorrect year. The correct date is March 9th,2026 and we have updated this post to reflect that. We apologize for the oversight on our part in providing the wrong year in the post and email. This does not affect any Wordfence Free, Premium...