4 matches found
CVE-2019-8158
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...
CVE-2025-32358
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This coul...
A vulnerability in the firmware of the Westermo EDW-100 serial-to-Ethernet industrial converter, related to the storage of passwords as plain text, allows an attacker to disclose the user name and password of any user account.
The vulnerability in the firmware of the Westermo EDW-100 serial-to-Ethernet industrial converter lies in the storage of passwords as plain text in the configuration file. Exploiting this vulnerability allows a malicious actor to obtain information about the...
CVE-2024-33332
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant...