18 matches found
EUVD-2020-5662
Malware in sbrugna...
EUVD-2020-17882
Malware in sbrugna...
EUVD-2025-7622
Malicious code in bioql PyPI...
CVE-2025-43018
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book...
CVE-2025-43018
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book...
CVE-2025-43018
CVE-2025-43018 affects HP LaserJet Pro printers and related HI-HP devices exposing information via the device’s local address book when queried by a non-authenticated user. The vulnerability is categorized as information disclosure with a CVSSv4 base score of 6.9 (NETWORK, LOW attack complexity, ...
CVE-2025-23194 Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)
SAP NetWeaver Enterprise Portal OBN does not perform a proper authentication check for a particular configuration setting. As a result, a non-authenticated user can set it to an undesired value, causing low impact on integrity. There is no impact on confidentiality or availability of the application...
PYSEC-2022-24
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the response time from the server...
CVE-2022-21659
Removed by vendor...
CVE-2022-21659 Observable Response Discrepancy in Flask-AppBuilder
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the response time from the server...
CVE-2021-29621
Removed by vendor...
CVE-2021-21327
GLPI before 9.5.4 allows non-authenticated remote instantiation of any class via Unsafe Reflection in getItemForItemtype(), enabling class constructors/destructors to run and potentially corrupt integrity of the core platform and plugins through a POP chain. Vulnerable component: GLPI core/runtim...
GLPI 9.5.3 Unsafe Reflection
Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection; Date: 2021-02-13; Exploit Author: Vadym Soroka @Iterasec https://iterasec.com; Vendor Homepage: https://glpi-project.org; Software Link: https://github.com/glpi-project/glpi/releases; Version: =9.5.3; Tested on: v9.5.3, 2021-02-13; Technical...
Design/Logic Flaw
Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO Driver versions prior to 20.5 remotely...
Cross site scripting
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...
CVE-2018-11486
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...
CVE-2016-9257
In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to...
SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation
!/usr/bin/env python Exploit Title: SPIP - CMS " exit baseurl = sys.argv1 login = sys.argv2 ma...