82 matches found
PT-2026-39883
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description Improper escaping of the redirection page, which is retrieved from the Referer header of the request, allows an attacker to inject HTML. In certain server configurations, this can lead to...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...
DRC Central Data Recognition Central Office Services 安全漏洞
DRC Central Data Recognition Central Office Services is an educational assessment data management and processing service system provided by DRC Central in the United States. There is a security vulnerability in DRC Central Data Recognition Central Office Services, which stems from unauthorized...
EUVD-2025-208813
The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configurations...
CVE-2025-15363
The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configurations...
CVE-2025-15363 Get Use APIs < 2.0.10 - Contributor+ Stored XSS
The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configurations...
EUVD-2025-208377
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
The CVE-2025-41765 issue centers on an unchecked authorization enforcement in the wwwupload.cgi endpoint, enabling an unauthorized remote attacker to upload and apply arbitrary data. The known impact includes the ability to introduce contact images, HTTPS certificates, system backups for restorat...
PT-2026-24035
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-41765 Description Insufficient authorization enforcement allows a remote attacker to upload and apply arbitrary data through the wwwupload.cgi endpoint. This includes contact images, HTTPS certificates, system backups,...
UptimeFlare 信息泄露漏洞
UptimeFlare is a cloud-based website availability monitoring and status page software developed by lyc8503 as an individual developer. UptimeFlare has a vulnerability related to information leakage, which stems from the direct import of server-side configurations from client code, potentially...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
CVE-2020-36922
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...
CVE-2020-36922
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...
CVE-2020-36922 Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...
PT-2026-1455
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...
CVE-2025-12394 Backup Migration < 2.0.0 - Unauthenticated Backup Download
The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...
PT-2025-47884
The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...