CVE-2026-42286
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...
EUVD-2026-28841
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...
CVE-2026-42286
The CVE-2026-42286 entry concerns Emlog, an open source website building system. Affected versions prior to 2.6.11 lack CSRF protection in critical admin functions, enabling an attacker to coerce authenticated admins into actions such as system registration, plugin management, and configuration c...
CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...
PT-2026-39202
Name of the Vulnerable Software and Affected Versions: Emlog versions prior to 2.6.11. Description: Missing Cross-Site Request Forgery (CSRF) protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions. These actions include system...
EUVD-2012-0097
Malware in sbrugna...
EUVD-2017-6596
Malware in sbrugna...
PT-2025-23838 · Unknown · Campcodes Online Hospital Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Hospital Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /registration.php. The manipulation of the full name and username arguments leads to S...
CVE-2025-0844 needyamin Library Card System Registration Page signup.php cross site scripting
A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/useraddress...
gnome-settings-daemon bug fix update
An update is available for gnome-settings-daemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-settings-daemon packages contain a daemon to share...
bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication...
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1973-1)
This update for rmt-server to version 2.3.1 fixes the following issues: Fix mirroring logic when errors are encountered (bsc1140492); Refactor RMT::Mirror to download metadata/licenses in parallel; Check repo metadata GPG signatures during mirroring (bsc1132690); Add rmt-server-config subpackage with...
CVE-2015-1777
Removed by vendor...
Design/Logic Flaw
When registering and activating a new system with Red Hat Satellite 6, if the new system's hostname is then reset to the hostname of a previously registered system, the previously registered system will lose access to updates, including security updates...
CVE-2017-15136
When registering and activating a new system with Red Hat Satellite 6, if the new system's hostname is then reset to the hostname of a previously registered system, the previously registered system will lose access to updates, including security updates...
CVE-2017-15136
When registering a system with Satellite 6, a hostname must be specified. If an additional system is registered with the same hostname, the original system will stop receiving updates from Satellite 6. An attacker with administrative privileges to add systems to a Satellite 6 server could exploit...
concrete5 'system/registration/open.php' Arbitrary PHP Code Execution Vulnerability
concrete5 is a free content management system. An arbitrary PHP code execution vulnerability exists in concrete5. An attacker can exploit this vulnerability to execute arbitrary PHP code in the context of a web server process...
Default credentials
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email...