527 matches found

RedhatCVE
added 2025/05/22 3:32 p.m., 8 views

CVE-2020-35625

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...

CVSS 8.8, AI score 6.5, EPSS 0.00229
Exploits 0

RedhatCVE
added 2025/05/22 8:39 a.m., 13 views

CVE-2019-3962

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the...

CVSS 4.3, AI score 6.7, EPSS 0.00227
Exploits 0, References 1

RedhatCVE
added 2025/05/22 5:5 a.m., 6 views

CVE-2016-10312

Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/ pages...

CVSS 10, AI score 8.2, EPSS 0.05585
Exploits 1, References 1

Zero Day Initiative
added 2025/05/21 12:0 a.m., 12 views

Apple macOS JPEG Image Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the decoding of JPEG...

CVSS 8.8, AI score 6.7, EPSS 0.00081
Exploits 0, References 1

NVD
added 2025/05/07 6:15 p.m., 10 views

CVE-2025-20223

A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP...

CVSS 4.7, EPSS 0.00267
Exploits 0, References 1

Tenable Nessus
added 2025/05/07 12:0 a.m., 3 views

Cisco Catalyst SD-WAN Manager Certificate Validation (cisco-sa-catalyst-tls-PqnD5KEJ)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitiv...

CVSS 5.9, AI score 5.6, EPSS 0.00063
Exploits 0, References 3

Positive Technologies
added 2025/04/27 12:0 a.m., 2 views

PT-2025-18025 · Undefined · Undefined

@HannahVLBelguim @KallasteLiina @EuropaBeacon exploit vuln"X CCTV", "CVE-2025-1347"; rtsp stream"192.168.1.100", "admin:pass123", "h264"; Security cameras? What security cameras? https://t.co/u9UYJeIv6J...

AI score 7
Exploits 0, References 1

Positive Technologies
added 2025/04/17 12:0 a.m., 1 views

PT-2025-17083 · Unknown · Videowhisper Paid Videochat Turnkey Site

Name of the Vulnerable Software and Affected Versions: videowhisper Paid Videochat Turnkey Site versions n/a through 7.3.11 Description: The issue is related to a Weak Password Recovery Mechanism for Forgotten Password, which allows password recovery exploitation. Recommendations: For versions n/...

CVSS 9.8, AI score 9.4, EPSS 0.00289
Exploits 0, References 4

Cvelist
added 2025/04/16 4:16 p.m., 11 views

CVE-2025-20236 Cisco Webex App Client-Side Remote Code Execution Vulnerability

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

CVSS 8.8, EPSS 0.01158
Exploits 0, References 1

GithubExploit
added 2025/04/14 3:12 p.m., 246 views

Exploit for CVE-2025-29927

Exploit for CVE-2025-29927 Next.js - Authorization Bypass !...

CVSS 9.1, AI score 7.3, EPSS 0.92118
Exploits 56

Zero Day Initiative
added 2025/04/09 12:0 a.m., 4 views

Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

CVSS 5.5, AI score 6.7, EPSS 0.00103
Exploits 0, References 1

Zero Day Initiative
added 2025/04/09 12:0 a.m., 1 views

(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the syncd authentication handler. The issue results from...

CVSS 7.5, AI score 6.7, EPSS 0.03018
Exploits 0, References 1

Cvelist
added 2025/04/04 3:31 p.m., 9 views

CVE-2025-3252 xujiangfei admintwo add cross site scripting

A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...

CVSS 5.1, EPSS 0.00346
Exploits 1, References 4

Vulnrichment
added 2025/03/24 1:47 p.m., 5 views

CVE-2025-30581 WordPress Top Bar plugin <= 3.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in PluginOps Top Bar ultimate-bar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top Bar: from n/a through = 3.3...

CVSS 5.3, AI score 7.3, EPSS 0.00183
Exploits 0, References 1

Vulnrichment
added 2025/03/14 6:4 p.m., 9 views

CVE-2024-54449 Remote Code Execution (RCE) via Arbitrary File Write In Document API

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘writ...

CVSS 8.7, AI score 7, EPSS 0.00239
Exploits 0, References 1

Zero Day Initiative
added 2025/03/13 12:0 a.m., 9 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8, AI score 6.7, EPSS 0.00102
Exploits 0, References 1

Zero Day Initiative
added 2025/03/13 12:0 a.m., 8 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8, AI score 6.7, EPSS 0.00102
Exploits 0, References 1

NVD
added 2025/03/12 4:15 p.m., 12 views

CVE-2025-20145

A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress...

CVSS 5.8, EPSS 0.00036
Exploits 0, References 2

CVE
added 2025/03/05 4:50 p.m., 67 views

CVE-2025-20208

CVE-2025-20208 is a reported cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS). The flaw stems from insufficient input validation in a data field of the web UI, enabling a low-privileged, remote attacker to inject script co...

CVSS 5.4, AI score 6.2, EPSS 0.00126
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/02/26 4:23 p.m., 11 views

CVE-2025-20119 Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...

CVSS 6, EPSS 0.00041
Exploits 0, References 1