15 matches found
CVE-2024-10242 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection
The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...
GLPI SQL Injection Vulnerability
GLPI is open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
EUVD-2025-2573
Malicious code in bioql PyPI...
EUVD-2024-0961
Malicious code in bioql PyPI...
CVE-2023-37263
Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...
1Panel SQL Injection Vulnerability
1Panel is a product of Hangzhou Feizhiyun Information Technology Co., Ltd. and is a modern, open source Linux server operation and maintenance management panel. 1Panel has a SQL injection vulnerability caused by improper filtering in multiple places in 1Panel; an attacker...
NVIDIA BMC Security Vulnerability
NVIDIA BMC is an OpenBMC open software framework from NVIDIA. NVIDIA BMC suffers from a security vulnerability that originates from storing user passwords in an obfuscated form in a host-accessible database, resulting in exposed credentials...
Snipe-IT cross-site scripting vulnerability (CNVD-2022-36053)
Snipe-IT is an open source IT asset/license management system. Snipe-IT has a security vulnerability that can be exploited by attackers to steal user cookies...
SemCms suffers from a SQL injection vulnerability (CNVD-2021-29089)
SemCms is an open source foreign trade enterprise website management system, mainly used for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers. SemCms has a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive database information...
ZZCMS has a logic flaw vulnerability
ZZCMS is a fully open-source website management system, based on PHP and ASP, for product investment websites, project investment websites, and enterprise websites. ZZCMS has a logic flaw vulnerability. Attackers can use the vulnerability to reinstall the system...
Logic flaw vulnerability in ZZCMS (CNVD-2021-14557)
ZZCMS is a fully open-source website management system, based on PHP and ASP, for product investment websites, project investment websites, and enterprise websites. ZZCMS has a logic flaw vulnerability; attackers can use the vulnerability to modify the existing user...
JTopCMS has a file upload vulnerability
JTopCMS is an open-source web content management system (CMS, Java CMS, JSP CMS), based on the JavaEE standard, used to manage site content. JTopCMS has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
Command Execution Vulnerability in RGCMS
RGCMS (RuiGu content management system) is an open-source site-building management system written in PHP on the ThinkPHP 5.1 framework, using a MySQL database. RGCMS has a command execution vulnerability; an attacker can use the vulnerability to obtain server...
op5 Monitoring 5.4.2 - VM Appliance Multiple Vulnerabilities
op5 Monitoring 5.4.2 - VM Appliance Multiple Vulnerabilities Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market...
op5 Monitoring v5.4.2 (VM Appliance) Multiple Vulnerabilities
Exploit for php platform in category web applications Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market leading...