15 matches found
OPENSUSE-SU-2026:20720-1 Security update for trivy
This update for trivy fixes the following issues: Changes in trivy: - update go-git to 5.18.0 bsc1264873, CVE-2026-41506...
CVE-2025-11529
This CVE affects ChurchCRM up to version 5.18.0 in the API Endpoint’s AuthMiddleware (src/ChurchCRM/Slim/Middleware/AuthMiddleware.php). The vulnerability is an authentication bypass: the AuthMiddleware function allows missing authentication, enabling remote exploitation. Public exploits exist, a...
CVE-2019-19016
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database...
CVE-2023-51462
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48589
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
PT-2023-8038 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...
PT-2023-7717 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This...
CVE-2023-0392
The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution...
WordPress plugin Hide My WP Ghost 数据伪造问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Frontier ichris 安全漏洞
Frontier ichris is an application from Frontier Australia. A payroll software. A security vulnerability exists in Frontier ichris version 5.18, which stems from the program incorrectly handling DNS requests that request the hostname in the HTTP host header. No detailed vulnerability details are...
Mattermost Server Access Control Error Vulnerability
Mattermost Server is the United States Mattermost company's set of open source messaging platform. An Access Control Error vulnerability exists in Mattermost Server versions prior to 5.18.0, which arises from a network system or product that does not properly restrict access to resources from...
TitanHQ WebTitan has an unspecified vulnerability (CNVD-2019-44518)
TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. An attacker can exploit the vulnerability to gain root privileges...
TitanHQ WebTitan has an unspecified vulnerability (CNVD-2019-44519)
TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. The vulnerability can be exploited by an attacker to take full control of the device database by connecting to the database via a proxy no password required...
SysGauge 4.5.18 - Local Denial of Service
!/usr/bin/python Exploit Title : SysGauge v4.5.18 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software : http://www.sysgauge.com/setups/sysgaugesetupv4.5.18.exe Note :...
PHP Fileinfo Component Denial of Service Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.Fileinfo is one of the components used to display the properties of a file and support batch modification of its properties. A security...