35 matches found
CVE-2026-2404
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...
OpenFeature flagd Security Vulnerability
OpenFeature flagd is a daemon process developed by OpenFeature Corporation. Versions of flagd prior to 0.14.2 contained a security vulnerability. This vulnerability stemmed from the lack of size restrictions on the evaluation context in the request payload, which could lead to memory exhaustion a...
CVE-2019-25384
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRCPORTSEL,...
CVE-2025-67397
An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...
EUVD-2004-0220
Malware in sbrugna...
EUVD-2021-0080
Malware in sbrugna...
CVE-2024-21761
An improper authorization vulnerability CWE-285 in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload...
CVE-2024-11043
A Denial of Service DoS vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...
Atlassian Confluence < 8.5.3 - Remote Code Execution
Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability Date: 25/1/2024 Exploit Author: MaanVader Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://www.atlassian.com/software/confluence Version: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3 Teste...
Authorization
An improper authorization vulnerability CWE-285 in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload...
PT-2024-19041 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: FortiPortal versions 7.0.6 and below FortiPortal version 7.2.0 Description: An improper authorization issue in FortiPortal may allow a user to download other organizations' reports via modification in the request payload. This issue could...
Cross-site Scripting (XSS)
fusiondirectory is vulnerable to Cross-Site Scripting (XSS) attacks. The attack exists due to insufficient sanitization in the response body, which allows adding unauthorized headers via the request payload...
Super Socializer 7.13.52 - Reflected XSS Exploit
Exploit Title: Super Socializer 7.13.52 - Reflected XSS Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=thechampsharingcount&urls%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E=https://www.google.com Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor...
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload...
Cross site request forgery (csrf)
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload...
CVE-2023-25759
The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...