PT-2025-49811

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

EUVD-2021-6774

Malicious code in bioql PyPI...

CVE-2025-20306 Cisco Secure Firewall Management Center Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki typically administrators and interface admins can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVE-2024-47812

CVE-2024-47812 affects the ImportDump extension for MediaWiki. The root issue allows users who can edit wiki interface strings (typically admins) to embed XSS payloads in date-related messages, affecting viewers of Special:RequestImportQueue. A fix has been committed in d054b95 and users are advi...