15 matches found
CVE-2025-34280
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...
CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...
PT-2025-34107 · Undefined · Undefined
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...
CVE-2025-34047 Leadsec VPN Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the Leadsec SSL VPN formerly Lenovo NetGuard, allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...
CVE-2025-33024
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.5, RUGGEDCOM ROX MX5000RE All versions V2.16.5, RUGGEDCOM ROX RX1400 All versions V2.16.5, RUGGEDCOM ROX RX1500 All versions V2.16.5, RUGGEDCOM ROX RX1501 All versions V2.16.5, RUGGEDCOM ROX RX1510 All versions V2.16.5...
PT-2024-23757 · Motorola · Motorola Guideme
Name of the Vulnerable Software and Affected Versions: Motorola GuideMe affected versions not specified Description: A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, which could allow for a local attacker to read arbitrary...
Debian dla-3359 : libapache2-mod-auth-mellon - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3359 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected]...
SUSE CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks...
CVE-2017-5255
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...
Design/Logic Flaw
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests...
Gentoo Security Advisory GLSA 201209-16 (sqlalchemy)
The remote host is missing updates announced in advisory GLSA 201209-16. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian: Security Advisory (DSA-1974-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Update for gzip MDVSA-2010:020 (gzip)
Check for the Version of gzip OpenVAS Vulnerability Test Mandriva Update for gzip MDVSA-2010:020 gzip Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
DSA-1974-1 gzip - arbitrary code execution
Bulletin has no description...