17 matches found
CVE-2026-3240
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector...
EUVD-2026-9358
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
CVE-2026-3240 Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
CVE-2026-3240
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
CVE-2026-3240 Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
OpenMetadata 安全漏洞
OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage library, deep lineage, and seamless team collaboration. There were security vulnerabilities in versions of OpenMetadata prior to 1.11.8. These vulnerabilities stemmed from...
EUVD-2021-11037
Malware in sbrugna...
EUVD-2024-51182
Malicious code in bioql PyPI...
CVE-2021-24123
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images such as the ones from Podcast Artwork section, allowing high privilege accounts admin+ being able to upload arbitrary files, such as php, leading to RCE...
How cyberattackers exploit domain controllers using ransomware
In recent years, human-operated cyberattacks have undergone a dramatic transformation. These attacks, once characterized by sporadic and opportunistic attacks, have evolved into highly sophisticated, targeted campaigns aimed at causing maximum damage to organizations, with the average cost of a...
CVE-2024-12902
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default...
CVE-2021-45031
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...
PT-2022-15016 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 Description: Low-privileged authenticated users, such as authors, in the WordPress core are able to execute JavaScript and perform a stored XSS attack, which can affect...
Watch Out! Mission Critical SAP Applications Are Under Active Attack
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common securit...
CVE-2021-24123
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images such as the ones from Podcast Artwork section, allowing high privilege accounts admin+ being able to upload arbitrary files, such as php, leading to RCE...
The vulnerabilities of Cisco Firepower Management Center’s network management software, related to the rigid encoding of registration data, allow attackers to gain full access to the system.
The vulnerability of Cisco Firepower Management Center’s network management software is related to the rigid coding of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to gain full access to the system using a high-privilege account...
Microsoft Windows Media Foundation Buffer Overflow Vulnerability (CNVD-2020-26243)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Media Foundation is one of the multimedia application libraries. A buffer overflow...