Lucene search

13 matches found

EUVD
added 2026/06/09 6:30 p.m., 9 views

EUVD-2026-35446

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

CVSS 7.1 | AI score 5.4 | EPSS 0.00233
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 9:2 a.m., 6 views

CVE-2023-25803

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVSS 7.5 | AI score 6.6 | EPSS 0.01206
Exploits 1 | References 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-54200

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00493
Exploits 0 | References 1

NVD
added 2023/08/15 7:15 p.m., 26 views

CVE-2023-4335

Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...

CVSS 7.5 | AI score 7.7 | EPSS 0.00493
Exploits 0 | References 1

OSV
added 2023/07/18 8:15 p.m., 4 views

CVE-2023-28023

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems server machine and all the ones in its network...

CVSS 6.5 | AI score 5.2 | EPSS 0.00143
Exploits 0 | References 1

Prion
added 2023/07/18 8:15 p.m., 17 views

Cross site request forgery (csrf)

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems server machine and all the ones in its network...

CVSS 4.3 | AI score 6.4 | EPSS 0.00143
Exploits 0 | References 1 | Affected Software 1

SUSE CVE
added 2023/07/15 2:18 a.m., 3 views

SUSE CVE-2023-29454

Stored or persistent cross-site scripting XSS is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload e.g., in a database or server-side text files, and finally, the application unintentionally executes the payload for every victi...

CVSS 5.4 | AI score 5.4 | EPSS 0.00478
Exploits 0 | References 4

Prion
added 2023/03/13 8:15 p.m., 13 views

Directory traversal

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVSS 5 | AI score 7.3 | EPSS 0.01206
Exploits 1 | References 1 | Affected Software 1

Vulnrichment
added 2023/03/13 12:0 a.m., 10 views

CVE-2023-25803

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVSS 7.5 | AI score 7.4 | EPSS 0.01206
Exploits 1 | References 1

OSV
added 2023/03/13 12:0 a.m., 27 views

CVE-2023-25803

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVSS 7.5 | AI score 6.8 | EPSS 0.01206
Exploits 1 | References 3

Prion
added 2020/07/20 4:15 p.m., 10 views

Cross site scripting

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

CVSS 4.3 | AI score 6 | EPSS 0.045
Exploits 5 | References 6 | Affected Software 1

Veracode
added 2017/07/05 7:41 a.m., 30 views

XML External Entity (XXE) Injection

Moodle is susceptible to XML external entity XXE injection attacks. The attacks exist because mod/imscp/locallib.php does not filter the input XML files to the IMSCC course format or the IMSCP resource, thereby allowing attackers to input malicious XML files and read server-side files...

CVSS 4.3 | AI score 6.4 | EPSS 0.01355
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2007/01/17 12:0 a.m., 35 views

GLSA-200701-12 : Mono: Information disclosure

The remote host is affected by the vulnerability described in GLSA-200701-12 Mono: Information disclosure Jose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize local pathnames which could allow...

CVSS 5 | AI score 5.7 | EPSS 0.04958
Exploits 1 | References 2