19 matches found
Grav 安全漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Cybersecurity researchers have disclosed a cross-site scripting XSS vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we...
EUVD-2025-205856
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/addadmin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published...
The vulnerability of the Downloads Panel component of the Mozilla Firefox browser and the Thunderbird email client allows attackers to perform spear-phishing attacks.
The vulnerability of the Downloads Panel component in the Mozilla Firefox browser and the Thunderbird email client is related to deficiencies in the authentication process, resulting from incorrect display of the domain name in the address bar. Exploiting this vulnerability allows a malicious act...
CVE-2025-14327
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7...
InnoShop 安全漏洞
InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from a flaw in the file manager functionality of the admin panel that could lead to code execution...
The vulnerability of the control_panel_sw() function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the controlpanelsw function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers is related to incorrect elimination of special elements in the output data when processing the parameter filename. Exploiting this vulnerability allows an...
TeleMessage 安全漏洞
TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from an administrative panel that allows an attacker to discover usernames, email addresses, passwords, an...
CVE-2022-44294
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manageservice=...
CVE-2019-5694
NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature also known as a binary planting or DLL preloading attack, which may lead to denial of service or...
The vulnerability in the “classes/Master.php?f=save_field” script of the CMS system’s administration panel for the Mobile Comparison Website allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the classes/Master.php?f=savefield script of the CMS system’s administration panel for the Mobile Comparison Website is related to insufficient protection of the website structure when processing the Field Name argument. Exploiting this vulnerability allows an attacker to...
Church Management System SQL注入漏洞
Church Management System is a church management system. A security vulnerability exists in Church Management System v1.0, which originates from a SQL injection vulnerability in the id parameter via /admin/editevent.php...
Qibosoft 跨站脚本漏洞
Qibosoft qibosoft is a content management system CMS from Qibosoft, China. qibosoft has a cross-site scripting vulnerability that originates in the /admin/index.php?lfj=friendlink & action=add link of the admin component of the product. The vulnerability is caused by the...
Apple macOS 权限许可和访问控制问题漏洞
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. Apple macOS is vulnerable to a privilege-granting and access-control issue, which arises from security restrictions not properly applied by NSOpenPanel. An attacker could exploit the vulnerability to escalate...
The vulnerability of the “Network” panel display on Google Chrome and Microsoft Edge browsers allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the “Network” panel display in Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a...
UBUNTU-CVE-2020-12245
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25368)
Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in the 'resetpassword' function in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to arbitrarily change the password of the root account...
CVE-2018-9923
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request...
Bastian Allgeier Kirby Arbitrary File Upload Vulnerability
Bastian Allgeier Kirby is a content management system CMS from Bastian llgeiergs, Germany. An arbitrary file upload vulnerability exists in the Panel component of Bastian Allgeier Kirby 2.1.1 and earlier versions, which can be exploited by a remote attacker to execute arbitrary PHP code by...