30 matches found
PT-2026-27961
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.4.0 and earlier Mattermost versions 11.3.1 and earlier Mattermost versions 11.2.3 and earlier Mattermost versions 10.11.11 and earlier Description The software does not adequately limit the rate of login requests. This...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.4) potentially affected by CVE-2026-31872 via parse-server (>=9.6.0-alpha.37 <=9.6.0-alpha.43)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.4 Source cves: CVE-2026-31872 Source advisory: OSV:GHSA-R2M8-PXM9-9C4G...
regclient-0.10.0-1.1 on GA media (moderate)
regclient-0.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15723-1 Rating: moderate Cross-References: CVE-2025-47912 CVE-2025-58183 CVE-2025-58185 CVE-2025-58186 CVE-2025-58187 CVE-2025-58188 CVE-2025-58189 CVE-2025-61723 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 CVSS scores: CVE-2025-479...
Amazon Linux 2023 : gnuplot-common, gnuplot-latex, gnuplot-minimal (ALAS2023-2025-960)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-960 advisory. A flaw was found in GNUPlot. A segmentation fault via IOstrinitstaticinternal may jeopardize the environment. CVE-2025-3359 Tenable has extracted the preceding description block directly from the tested...
Strengthen Security with Cyber Risk Advisory
In today’s fast-paced digital world, cyber threats are constantly evolving. Attackers are leveraging advanced techniques and artificial intelligence AI to exploit vulnerabilities, leaving organizations vulnerable to breaches and disruptions. To combat these challenges, organizations must stay...
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...
OutSystems Service Studio 11.53.30 - DLL Hijacking Vulnerability
Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability has been...
OutSystems Service Studio 11.53.30 - DLL Hijacking
Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability...
Possible exploit vulnerability in Zoho ManageEngine
A vulnerability has been fixed in several Zoho ManageEngine products. The vulnerability is located in an underlying third-party product: Apache Santuario. The vulnerability allows a malicious party to execute arbitrary code on the vulnerable system with system privileges. Researchers at Horizon3 ...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39392 via wasmtime (>=0.10.0 <=12.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39392 Source advisory: OSV:GHSA-44MR-8VMM-WJHG...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4127 more potentially affected by CVE-2021-23555 via vm2 (>=1.0.1 <=3.9.5)
vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.24.1-20230627140514 and more Source cves: CVE-2021-23555 Source advisory: OSV:GHSA-6PW2-5HJV-9PF7...
Linear eMerge E3 1.00-06 - Remote Code Execution
Linear eMerge E3 1.00-06 - Remote Code Execution Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Date: 2019-11-13 Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a...
eMerge50P 5000P 4.6.07 - Remote Code Execution
eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit Title: eMerge50P 5000P 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
CBAS-Web 19.0.0 - Information Disclosure
CBAS-Web 19.0.0 - Information Disclosure Exploit Title: CBAS-Web 19.0.0 - Information Disclosure Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Computrols CBAS-Web 19.0.0 Information Disclosure
Computrols CBAS-Web Information Disclosure Affected versions: 19.0.0 and below CVE: CVE-2019-10849 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system by Gjoko 'LiquidWorm' Krstic $ curl -s...
FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
FlexAir Access Control 2.3.38 Remote Root
!/usr/bin/env python Authenticated Remote Root Exploit for Prima FlexAir Access Control 2.3.38 via Command Injection in SetNTPServer request, Server parameter. CVE: CVE-2019-7670 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...
Prima Access Control 2.3.35 Script Upload Remote Code Execution
Prima Access Control 2.3.35 Authenticated Python Script Upload Root RCE CVE: CVE-2019-9189 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic --- POST /bin/sysfcgi.fx...
FlexAir Access Control 2.4.9api3 - Remote Code Execution
FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...