EUVD-2026-29413
The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...
CVE-2020-36909
CVE-2020-36909 affects SnapGear Management Console SG560 3.1.5. The vulnerability is described as an arbitrary file read/write through the edit_config_files CGI script, where authenticated users can manipulate POST parameters to the /cgi-bin/cgix/edit_config_files endpoint to access and modify fi...
PT-2026-1444
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify file...
SnapGear Management Console SG560 Path Traversal Vulnerability
SnapGear Management Console SG560 is a versatile network security gateway from SnapGear. A path traversal vulnerability exists in the SnapGear Management Console SG560, which stems from a file manipulation vulnerability in the edit_config_files CGI script that could result in reading, writing, and...
Malicious code in parallax-speleology-cosmicray-lint (npm)
Source: amazon-inspector (fcb1bbd0bd3357091e2d748d5bed61fe8406818a860219badcf71fab198a6f75). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mahnu-oy-giossisi (npm)
Source: amazon-inspector (f8da78aea58ec22d8ef0e2a79c63c6b333f98c79c5588c3d378f8ea4dcaaa0a3). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146054 Malicious code in pegasus-spectron-webdriver-neptune-uninstall (npm)
Source: amazon-inspector (1cfd834cc94f3d97018894b7ada929dcb9499b32c25a4f8e6c33026068697ce3). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-135869 Malicious code in nurul-keraktelor23-sluey (npm)
Source: amazon-inspector (a76805e3d192e908da42935aa67471809f9f457508475c851599735cd4714c93). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138325 Malicious code in yielding_shrew_z3n (npm)
Source: amazon-inspector (544a7e20810781def583fc84829b1fac781eaf20dd2958454d30812939172365). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2024-5096 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: A vulnerability has been identified in the SINEMA Remote Connect Server, where affected devices do not properly validate authentication when performing certain actions in th...
Design/Logic Flaw
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...
CVE-2022-39816
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker...
PT-2022-25011 · Nokia · Nokia 1350 Oms
Name of the Vulnerable Software and Affected Versions: NOKIA 1350 OMS version R14.2 Description: The issue involves insufficiently protected credentials, specifically a cleartext administrator password, found on the edit configuration page. This can be exploited by an authenticated attacker. The...
NOKIA 1350 OMS Security Vulnerability
NOKIA 1350 OMS is an optical management system from the Finnish company Nokia. A security vulnerability exists in NOKIA 1350 OMS version R14.2, which originates from the presence of a plaintext administrator password in the Edit Configuration page...
Code Projects Artworks Gallery Code Issues Vulnerabilities
Code Projects Artworks Gallery is an online artwork management website builder organized by Code Projects. A security vulnerability in ARTWORKS GALLERY, which exists within the Edit Configuration File feature in PHP, CSS, JAVASCRIPT, and MYSQL 1.0, can be exploited by remote attackers to upload...
Citrix Workspace app (earlier known as Citrix Receiver) for Chrome and HTML5 Configuration Utility
How to use Configuration Utility Steps to Create a Configuration: 1. Click Create New 2. Select the appropriate Citrix Workspace app from the following options: Citrix Workspace app for Chrome Citrix Workspace app for HTML5 If you need configuration for Citrix Receiver, choose the corresponding...
Enterpriser16 LB 7.1 Cross Site Scripting
Title: ====== Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: ===== 2012-12-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=785 VL-ID: ===== 785 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Load...