13 matches found
CVE-2022-23720
PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID...
EUVD-2023-37406
Malicious code in bioql PyPI...
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer MFT software as early as September 10, 2025, a whole week before it was publicly disclosed. "This is not...
CVE-2025-7214
A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the...
Instantel Micromate (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
PT-2025-12883 · WordPress · Product Import Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows authenticated attackers with Administrator-level access and above to make web...
Linux Distros Unpatched Vulnerability : CVE-2011-3209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The divlonglongrem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of servi...
CVE-2024-47590
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser XXS or transmitted to...
PT-2023-16592 · WordPress · Themeflection Numbers
Name of the Vulnerable Software and Affected Versions: Themeflection Numbers WordPress plugin versions prior to 2.0.1 Description: The issue is related to a lack of authorisation and CSRF check in an AJAX action, which does not ensure that the options to be updated belong to the plugin. This coul...
Novell GroupWise Internet Agent 6.5.1
Novacoast Security Advisory Novell GroupWise 6.5 Vulnerability Synopsis: Novacoast has discovered a vulnerability in the Novell GroupWise 6.5 Wireless Webaccess logging functionality. The software exposes all username and passwords within the log file in clear text. This information could be used...
CuteNews 0.88 - 'search.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. Under some circumstances, it is possible for remote attackers to influence the include path for several include files to point to an extern...
CVE-2021-44782
...
CVE-2021-0025
...