CVE-2025-59901

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...

CVE-2025-59901

CVE-2025-59901 describes an authenticated reflected XSS in Disk Pulse Enterprise v10.4.18. The vulnerability is located in the /monitor_directory?sid= endpoint and arises from insufficient validation of the monitor_directory parameter sent via POST. An attacker could craft input that, when viewed...

PT-2026-5109

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor directory?sid=' endpoint, caused by insufficient validation of the 'monitor directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated use...

CVE-2025-42955 Missing authorization check in SAP Cloud Connector

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

PT-2006-6838 · Enthrallweb · Enthrallweb Eclassifieds

Name of the Vulnerable Software and Affected Versions: Enthrallweb eClassifieds affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in several parameters, including AD ID, cat id,...

PT-2005-4562 · Smartppc · Smartppc Pro

Name of the Vulnerable Software and Affected Versions: SmartPPC Pro affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via t...