160594 matches found
MinIO Browser API - Server-Side Request Forgery
MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...
Pega Infinity - Authentication Bypass
Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks. id: CVE-2021-27651 info: name: Pega Infinity - Authentication Bypass author: idealphase,daffainf...
WordPress Integrator 1.32 - Cross-Site Scripting
A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...
ECShop 4.1.0 - SQL Injection
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. id: CVE-2021-41460 info: name: ECShop 4.1.0 - SQL Injection author: SleepingBag945 severity: high description: | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited ...
phpIPAM - 1.6 - Cross-Site Scripting
phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
Qlik Sense Enterprise - HTTP Request Smuggling
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...
OpenCATS - Open Redirect
OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
Django Debug Page - Cross-Site Scripting
Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...
WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting
WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...
Magmi 0.7.22 - Cross-Site Scripting
Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. id: CVE-2017-7391 info: name: Magmi 0.7.22 - Cross-Site Scripting author: pikpikcu severity: medium description: Mag...
Autonomy Ultraseek - Open Redirect
Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...
DedeCMS 5.7.109 - Server-Side Request Forgery
Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...
Roxy Fileman 1.4.5 - Unrestricted File Upload
Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...
EUVD-2026-36192
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image...
EUVD-2026-36191
ImageMagick: Memory Leak in wand option parser when providing invalid arguments...
EUVD-2026-36598
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwtsecretkey...