20 matches found
CVE-2026-21628
An improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...
CVE-2026-20098
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...
CVE-2025-13871
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows uploading files on behalf of the connected users and then accessing such files without authentication...
EUVD-2013-1261
Malware in sbrugna...
EUVD-2013-4025
Malware in sbrugna...
CVE-2025-41244
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...
CVE-2025-50270
A stored Cross Site Scripting (XSS) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, categoryTitle, and tmpTag parameters...
CVE-2013-4094
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) privatekey or (2) publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...
BIT-DOLIBARR-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by and characters in the onpointermove attribute of a BODY element to the user-management feature...
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
CVE-2024-57099
ClassCMS v4.8 is exposed to a code execution vulnerability exploitable through the classview parameter in the model management feature. An attacker can supply a crafted payload to achieve arbitrary code execution and potentially take full control of the server. The issue is documented across mult...
CVE-2024-46410
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature...
PT-2024-31983 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202406.d. Description: A cross-site scripting (XSS) issue was discovered in PublicCMS via a crafted script to the Category Management feature. This allows for potential exploitation. Recommendations: For PublicCMS version...
CVE-2023-38759
Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
ASB-A-272042183
In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by and characters in the onpointermove attribute of a BODY element to the user-management feature...
PT-2021-20233 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP and CRM version 13.0.2. Description: The issue allows for stored cross-site scripting (XSS) in the object details of the user-management feature. This can be demonstrated by using and characters in the onpointermove attribute of a...
OpenIAM Cross-Site Scripting Vulnerability
OpenIAM is a fully integrated identity and access management platform. A cross-site scripting vulnerability exists in the "Add New User" feature in OpenIAM versions prior to 4.2.0.3. No details of the vulnerability are available at this time...
Cisco TelePresence Management Suite Web Services
Cisco TelePresence Management Suite (TMS) software implements a Simple Object Access Protocol (SOAP) interface that by design allows unauthenticated access to web services designed to provide management features to devices. At first publication of the advisory, the management feature was not document...
Netgear FVS318N router default remote management vulnerability
Overview: Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router's remote management feature is enabled by default. Description: Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router allows remote WAN internet users access to the administrator web interface of the...