SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnerabilities could ha...
SEPPmail Secure Email Gateway security vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated endpoints in the new GINA UI, which exposed...
FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer Endpoint
Summary: An unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PHP configuration, server environment variables including any database...
CVE-2025-62402
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
Apache Airflow security vulnerability
Apache Airflow is an open source platform from the US-based Apache Foundation for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow, which stems from the...
EUVD-2011-1723
Malware in sbrugna...
EUVD-2003-1225
Malware in sbrugna...
EUVD-2010-3966
Malware in sbrugna...
EUVD-2023-0784
Malicious code in bioql PyPI...
CVE-2024-37162 zsa Generates Error Messages Containing Sensitive Information
zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine...
zsa security vulnerability
zsa is a library open-sourced by zsa for building type-safe server operations in Next.js. A security vulnerability exists in versions prior to zsa 0.3.3 that stems from a zsa application transferring a parsing error stack from the server to the client in production build mode, resulting in the...
GHSA-WJMJ-H3XC-HXP8 Generation of Error Message Containing Sensitive Information in zsa
Impact: All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit th...
WordPress Hash Form Plugin RCE
The Hash Form - Drag & Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the fileuploadaction function. This vulnerability exists in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload...
PT-2024-21351 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Meta4 HR (affected versions not specified). Description: A vulnerability has been found that allows an attacker to obtain information about the application, including variables set in the process, Tomcat versions, library versions, and the...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-werkzeug) security update
An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Cross Site Scripting (XSS)
TYPO3 is vulnerable to Stored XSS. The vulnerability is due to the GeneralUtility::getIndpEnv function, which uses the unfiltered server environment variable PATHINFO and the TypoScript setting config.absRefPrefix=auto. This can lead to an attacker injecting malicious content or malicious HTML code in...
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C (8.2). Problem: TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...
Afian FileRun security vulnerability
Afian FileRun is a full-featured web-based file manager. A security vulnerability exists in Afian FileRun version 20220202, which stems from a change in the searchtikapath variable to a custom jar path that could result in remote code execution in a web server user's environment...
CVE-2021-45851
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server...
Exploit for OS Command Injection in Systeminformation
CVE-2021-21315-systeminformation: This is a Proof of Concept for...