23919 matches found
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure
A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...
Joomla! Component User Status - Local File Inclusion
A directory traversal vulnerability in userstatus.php in the User Status comuserstatus component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File...
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...
Emlog Pro v2.1.14 - Cross-Site Scripting
Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...
CData API Server < 23.4.8844 - Path Traversal
A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...
WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting
WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...
ESAFENET CDG - Arbitrary File Download
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...
CVE-2026-58486
creationtimestamp| type| source ---|---|--- 2026-07-14 02:38:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mql6gu5bqd2z...
CVE-2026-62195
creationtimestamp| type| source ---|---|--- 2026-07-13 23:15:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkt4djxzu2i...
GHSA-CM8G-8JFQ-887P
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:07+00:00| seen| https://t.me/GithubRedTeam/92588 2026-07-14 00:00:10+00:00| seen| https://t.me/GithubRedTeam/92588...
CVE-2026-57803
creationtimestamp| type| source ---|---|--- 2026-07-13 19:29:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkgiadrvj2e 2026-07-14 02:26:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mql5seep2a22...
CVE-2026-22093
creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkhgrukm2t 2026-07-13 17:49:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkavfwvjs2y 2026-07-14 03:05:48+00:00| seen|...
CVE-2026-4769
creationtimestamp| type| source ---|---|--- 2026-07-13 07:21:18+00:00| seen| https://infosec.exchange/users/certvde/statuses/116911458109125585 2026-07-13 07:54:49+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mqj7nsuneh2l 2026-07-13 08:30:05+00:00| seen|...
Jenkins build-metrics 1.3 - Cross-Site Scripting
Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...
Rudder Server < 1.3.0-rc.1 - SQL Injection
Rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...
RevPi Webstatus <= v2.4.5 - Authentication Bypass
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device id: CVE-2025-41646 info: name: RevPi Webstatus = v2.4.5 - Authentication Bypass author: DhiyaneshDK severity: critic...
Webmin < 1.920 - Authenticated Remote Code Execution
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...
CVE-2026-56281
creationtimestamp| type| source ---|---|--- 2026-07-12 17:21:01+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqhotdnxkt22...
CVE-2026-61876
creationtimestamp| type| source ---|---|--- 2026-07-12 12:26:59+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6fkg4lk2e 2026-07-12 12:46:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hqwuyt2t 2026-07-12 13:00:35+00:00| seen|...