
54 matches found

Nuclei
added 3 days ago · 118 views

ISPConfig - PHP Code Injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. id: CVE-2023-46818 info: name: ISPConfig - PHP Code Injection author: non-things severity: high description: | An issue was discovered...

7.2 CVSS · 7.1 AI score · 0.90534 EPSS
Exploits: 14 · References: 4

Github Security Blog
added 2026/04/16 1:2 a.m. · 4 views

Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution

Summary: The Froxlor API endpoints Customers.update and Admins.update do not validate the `def_language` parameter against the list of available language files. An authenticated customer can set `def_language` to a path traversal payload (e.g., ../../../../../var/customers/webs/customer1/evil), which is...

9.9 CVSS · 6.4 AI score · 0.00085 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2026/03/23 7:13 p.m. · 0 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php), improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6 CVSS · 6 AI score · 0.00049 EPSS
Exploits: 0 · References: 3

Snyk
added 2026/02/24 1:39 a.m. · 2 views

Unchecked Input for Loop Condition

Overview: Magick.NET-Q8-OpenMP-x64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

9.8 CVSS · 6 AI score · 0.00045 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/12/18 12:35 a.m. · 2 views

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

7.5 CVSS · 6.6 AI score · 0.00088 EPSS
Exploits: 1 · References: 1

CVE
added 2025/10/27 12:0 a.m. · 3 views

CVE-2025-54967

CVE-2025-54967 affects BAE Systems SOCET GXP up to version 4.6.0.3. The issue arises from allowing external entities in certain XML-based files, enabling an attacker who entices a user to open a malicious file to trigger outbound requests and potentially disclose sensitive information. The root c...

6.5 CVSS · 6.2 AI score · 0.0003 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2004-1772

Malware in sbrugna...

4.6 CVSS · 6.4 AI score · 0.0006 EPSS
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2006-5031

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.00404 EPSS
Exploits: 0 · References: 7

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2005-1389

Malware in sbrugna...

5 CVSS · 6.4 AI score · 0.00014 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/09/09 12:0 a.m. · 3 views

CVE-2025-44593

Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13...

0.00038 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 9:14 p.m. · 5 views

CVE-2006-5046

Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files."...

7.5 CVSS · 7 AI score · 0.00404 EPSS
Exploits: 0 · References: 1

OSV
added 2025/02/28 3:34 p.m. · 2 views

OESA-2025-1218 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the...

8.8 CVSS · 8.4 AI score · 0.00677 EPSS
Exploits: 1 · References: 23

OSV
added 2025/02/19 6:15 p.m. · 1 views

DEBIAN-CVE-2024-45777

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position may overflow, leading to an out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...

6.7 CVSS · 6.5 AI score · 0.00024 EPSS
Exploits: 0 · References: 1

OSV
added 2025/02/18 6:0 p.m. · 1 views

UBUNTU-CVE-2024-45777

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position may overflow, leading to an out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...

6.7 CVSS · 5.9 AI score · 0.00024 EPSS
Exploits: 0 · References: 2

OSV
added 2024/11/18 4:15 p.m. · 0 views

CVE-2024-52574

A vulnerability has been identified in Teamcenter Visualization V14.2 All versions V14.2.0.14, Teamcenter Visualization V14.3 All versions V14.3.0.12, Teamcenter Visualization V2312 All versions V2312.0008, Teamcenter Visualization V2406 All versions V2406.0005, Tecnomatix Plant Simulation V2302...

7.3 CVSS · 5.9 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/05 12:0 a.m. · 1 views

PT-2024-34146

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue arises from the lack of validation of user input, which is then written to the filesystem. The ParserLabel::addLabels function can be exploited to write...

8.8 CVSS · 6.3 AI score · 0.00107 EPSS
Exploits: 0 · References: 8

OSV
added 2024/06/25 5:7 p.m. · 1 views

GHSA-94CC-XJXR-PWVF DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

2.6 CVSS · 5.7 AI score · 0.00112 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/05/14 12:0 a.m. · 1 views

PT-2024-3649 · Siemens · Jt2Go +1

Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to V2312.0001 Teamcenter Visualization V14.1 versions prior to V14.1.0.13 Teamcenter Visualization V14.2 versions prior to V14.2.0.10 Teamcenter Visualization V14.3 versions prior to V14.3.0.7 Teamcenter Visualization V23...

7.8 CVSS · 8.5 AI score · 0.00185 EPSS
Exploits: 0 · References: 4

NVD
added 2024/04/29 6:15 p.m. · 10 views

CVE-2024-31822

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component...

9.8 CVSS · 7.5 AI score · 0.06184 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2024/04/29 12:0 a.m. · 2 views

PT-2024-24230

Name of the Vulnerable Software and Affected Versions: Ecommerce-CodeIgniter-Bootstrap (affected versions not specified) Description: An issue in Ecommerce-CodeIgniter-Bootstrap allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. This...

9.8 CVSS · 7.4 AI score · 0.06184 EPSS
Exploits: 1 · References: 9