CVE-2026-12047

A flaw was found in pgAdmin 4. An authenticated pgAdmin user can exploit an HTML injection vulnerability in the cloud deployment module. By submitting a crafted input that triggers an SDK exception, an attacker can embed structural HTML directly into the Cloud Wizard's interface. This can lead to...

CVE-2026-12047

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

CVE-2026-10550

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-10550

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-10550

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

EUVD-2026-33857

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-10550

Summary of CVE-2026-10550 (elunez eladmin) : Affects eladmin up to 2.7; the vulnerability targets the Application Deployment Module, specifically the App.java component. The issue arises from manipulating the uploadPath argument, enabling command injection and remote code execution. Public exploi...

PT-2026-45678

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

ELADMIN 命令注入漏洞

ELADMIN is a backend management system developed by elunez’s individual developer. Versions of ELADMIN 2.7 and earlier had a command injection vulnerability. This vulnerability stemmed from the operation of the uploadPath parameter in the App.java file within the Application Deployment Module...

CVE-2017-13706

XML external entity XXE vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery SSRF attacks, conduct internal port...

CVE-2017-13706

CVE-2017-13706 affects Lansweeper prior to 6.0.100.67. An XML External Entity (XXE) vulnerability exists in the deployment module's import package functionality, allowing remote authenticated users to access sensitive information, cause denial of service, conduct server-side request forgery (SSRF...

Design/Logic Flaw

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0....

Cisco Firepower Management Center Incomplete Rule Set Vulnerability

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. The vulnerability is due to a lack of condition checks in the rules engine. An attacker could...

Stegoloader Malware Uses Steganography to Hide Itself

Malware writers aren’t hesitant to do what it takes to protect a campaign and keep it hidden from detection technologies and security researchers. The group behind the Stegoloader malware, disclosed Monday by researchers at Dell SecureWorks, has taken to digital steganography to keep its...

Information disclosure

The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service deployment interruption via a direct request, aka Bug ID CSCuf52200...

Authentication flaw

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with...