CVE-2026-28808

CVE-2026-28808 is an incorrect authorization vulnerability in Erlang OTP (inets modules). The root cause is a script_alias path mismatch where mod_auth checks DocumentRoot-relative paths while mod_cgi executes ScriptAlias-resolved paths, allowing unauthenticated access to CGI scripts protected by...

CVE-2026-1628

Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...

CVE-2016-10808

In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs SEC-113...

EUVD-2025-60957

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

Security update for squid

This update for squid fixes the following issues: CVE-2025-62168: Fixed proxy auth data visible to scripts bsc1252281. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...

EUVD-2002-1511

Malware in sbrugna...

EUVD-2002-2391

Malware in sbrugna...

EUVD-2006-5879

Malware in sbrugna...

EUVD-2019-4894

Malware in sbrugna...

CVE-2009-10005

ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

Linux Distros Unpatched Vulnerability : CVE-2023-32208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Service workers could reveal script base URL due to dynamic import. This vulnerability affects Firefox 113. CVE-2023-32208 Note that Nessus relies on the presen...

WordPress plugin Modern Polls 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the modrewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVE-2024-7336

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument httphost leads to buffer overflow. The attack can be launched remotely. The exploit...

PT-2024-38118 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A vulnerability was found in the apmib Configuration Handler component, specifically affecting some unknown functionality of the file /cgi-bin/ExportSettings.sh. This issue leads to...

CVE-2023-0983

The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...

CVE-2018-6225

An XML external entity injection XXE vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script...