8 matches found
CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...
A vulnerability in the `show_zysync_server_contents` function of the Zyxel NAS326 and NAS542 network storage software allows an attacker to execute arbitrary code.
A vulnerability in the `show_zysync_server_contents` function of the Zyxel NAS326 and NAS542 software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending...
A vulnerability in the MKLogic-500 PLC, related to the use of preset credentials, allows an attacker to gain access to the contents of the FTP server.
A vulnerability in the MKLogic-500 PLC is related to the presence of preset credentials. Exploiting this vulnerability can allow a remote attacker to gain access to the contents of the FTP server...
Drupal 9.3.x < 9.3.22 Third-Party Library Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 9.3.x prior to 9.3.22 or 9.4.x prior to 9.4.7. Drupal uses the Twig third-party library for content templating and sanitization. Multiple vulnerabilities are possible if an untrusted user has access...
CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information...
Apache Tomcat Code Problem Vulnerability
Apache Tomcat is a lightweight web application server from the Apache Software Foundation (United States). The program implements support for Servlet and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat. The vulnerability can be exploited by an attacker to execute code by...
PT-2018-3861 · Tibco +1 · Tibco Jasperreports Server +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions up to and including 6.4.2; TIBCO JasperReports Server Community Edition versions up to and including 6.4.2; TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2; TIBCO Jaspersoft...
Sambar Server 4.3/4.4 beta 3 Search CGI Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1684/info The Sambar Server was created to test a three-tier communication infrastructure modeled after the Sybase Open Client/Open Server. Soon thereafter, the idea of leveraging the infrastructure for dynamic delivery o...