158136 matches found
Exploit for Insufficient Session Expiration in Apache Camel
camel-keycloak Missing ISACTIVE Check — Expired Tokens Accept...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-pqc AWS Secrets Manager Key-Metadata Unsafe Deserializat...
[SECURITY] [DLA 4679-1] mesa security update
Debian LTS Advisory DLA-4679-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost July 13, 2026 https://wiki.debian.org/LTS Package : mesa Version : 20.3.5-1+deb11u1 $bookwormVERSION CVE ID : CVE-2026-40393 Debian Bug : A vulnerability has been found in the mesa 3D...
Metersphere - Arbitrary File Read
Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...
Sidekiq <=6.2.0 - Cross-Site Scripting
Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used. id: CVE-2021-30151 info: name: Sidekiq =6.2.0 - Cross-Site Scripting author: DhiyaneshDk severity: medium description: Sidekiq...
XStream <1.4.18 - Server-Side Request Forgery
XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...
Sympa version =>6.2.16 - Cross-Site Scripting
Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs. id: CVE-2018-1000671 info: name: Sympa version =6.2.16 -...
Jenkins <=2.196 - Cookie Exposure
Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue. id: CVE-2019-10405...
Nette Framework - Remote Code Execution
Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...
Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server...
Jenkins <=2.218 - Information Disclosure
Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations...
Jenkins - Remote Command Injection
Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...
XStream 1.4.18 - Arbitrary Code Execution
XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
Zabbix <=4.4 - Authentication Bypass
Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...
WordPress < 4.9.1 - Authenticated JavaScript File Upload
WordPress before 4.9.1 contains a cross-site scripting caused by not requiring unfilteredhtml capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files, exploit requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...
Drupal 7 CKEditor XSS
CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content. id: CVE-2021-33829 info: name: Drupal 7 CKEditor XSS author:...
Adobe Experience Manager ≤ 6.5.23.0 - XML Injection
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...
SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass
One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations VMware or HyperV. The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. id: CVE-2024-45488 info: name: SafeGuard for...
1Panel SQL Injection - Authenticated
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
web-management-server-compromise-assessment
Web Management Server Compromise Assessment AMN SECUR...