CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

CVE-2026-8979

CVE-2026-8979 affects the Mennekes Amtron series firmware versions ≤ 5.22.3. The vulnerability is an authentication bypass where an unauthenticated remote attacker can change a user account password by sending a crafted POST to the /operator/operator endpoint. The CVSS data indicates a critical i...

CVE-2026-21857

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVE-2025-64112

Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

CVE-2025-64112

CVE-2025-64112 refers to a stored XSS vulnerability in Statamic CMS (Laravel + Git) involving Collections and Taxonomies. The issue allows an authenticated user with content-creation permissions to inject malicious JavaScript that executes for higher-privileged users, potentially enabling credent...

EUVD-2025-28076

Malicious code in bioql PyPI...

CVE-2025-47077

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46963

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46940

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46924

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46890

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager（AEM） 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

WordPress plugin Event Espresso 4 Decaf 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

Bender ebee 充电控制器 安全漏洞

The ebee is a charge controller from Bender. A security vulnerability exists in the Bender ebee Charge Controller that stems from an unprotected data export. The backup export is protected by a random key. The key is set at user login. It is empty after a reboot. An attacker can exploit this...

UBUNTU-CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...

Cheetah Mobile CM Browser Security Bypass Vulnerability

Cheetah Mobile CM Browser is a web browser from Cheetah Mobile, a Chinese company. A security bypass vulnerability exists in Cheetah Mobile CM Browser version 5.22.06.0012. An attacker could exploit this vulnerability to bypass the same-origin policy...