36 matches found
MiracleLinux 9 : bootc-1.1.6-3.el9_6 (AXSA:2025-10277:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10277:01 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the...
KeePass vulnerability allows attackers to access the master password
KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc. That encrypted database can only be opened with the...
CVE-2022-28056
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...
PT-2022-18783 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO versions 2.2.5 and below Description: The issue is related to a system re-install vulnerability. It is exploited via the Add function in the app/install/controller/Index.php file. Recommendations: For versions 2.2.5 and below, consider...
CVE-2020-21554
A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...
Logic Flaw Vulnerability in AiFreePhp
AiFreePhp is a free and open source PHP website builder. AiFreePhp has a logic flaw vulnerability that can be exploited by attackers to reinstall a system...
Command Execution Vulnerability in TEMMOKUMVC Module Management Service
TEMMOKUMVC is a professional PHP MySQL product developed by Pizhou Tianmu Network Technology Co., Ltd., using an independent MVC framework for large and medium-sized enterprises and open source MVC. A command execution vulnerability exists in the TEMMOKUMVC module management. Attackers can use the...
Malicious Package in soket.io
All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
Malicious Package in axois
All versions of axois are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This package...
Arbitrary File Deletion Vulnerability in HisiPHP (CNVD-2020-48610)
HisiPHP is a free, open source web framework built on ThinkPHP5 + Layui. HisiPHP has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete lock files, resulting in system reinstallation...
Apple CMS has a logic flaw vulnerability
The Apple CMS program is a fast website building system that runs in a PHP+MYSQL environment. Apple CMS has a logic flaw vulnerability that can be exploited by attackers to delete arbitrary files and cause a system reinstallation...
ZZCMS Buildable Product Merchandising Website Has Reinstallation Vulnerability
ZZCMS Buildable Product Merchandising Website is a PHP and MYSQL based CMS to quickly build product merchandising websites. The ZZCMS Buildable Product Merchandising Website has a reinstallation vulnerability that can be exploited by an attacker to overwrite the previous install.lock file,...
Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability
OurPHP is a W3C-compliant website building system developed on PHP+MySQL. Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any system files, and can further lead to the system being reinstalled...
Arbitrary file deletion vulnerability in Ridewind Multi-User PHP Statistics System V5.2 backend
Ride Multi-User PHP Statistics is a website traffic statistics system for web store statistics. Ridewind Multi-User PHP Statistics System V5.2 has an arbitrary file deletion vulnerability in the backend, which can be exploited by attackers to delete files and cause system reinstallation...
Logic Flaw Vulnerability in ForU CMS
4UCMS Information Technology Co., Ltd. was founded in 2005, focusing on enterprise-level and individual network integrated marketing services, taking the lead in providing a full range, systematic, segmented professional network integrated marketing solutions. A logic flaw vulnerability exists in...
Arbitrary File Deletion Vulnerability in DSShop
DSShop is a single-store mall system developed on the ThinkPHP5 framework, with full support for PC, WAP, microblogging and other terminal equipment. It is designed for business users as a solution that adapts to the entire business model and can fully meet operational needs. DSShop arbitrary...
Arbitrary File Deletion Vulnerability in DSCMS
DSCMS is an enterprise website system launched by Changsha Deshaun Network Technology Co. DSCMS has an arbitrary file deletion vulnerability that can be exploited by an attacker to cause a system reinstallation...
Code Execution Vulnerability in MacCMS
MacCMS is a CMS website builder system. A code execution vulnerability exists in MacCMS. An attacker can exploit the vulnerability to delete arbitrary files and cause system reinstallation. When reinstalling the software, malicious code is constructed to insert into the configuration file to gain...
Reinstallation Vulnerability in S-CMS Enterprise Website Builder System
The S-CMS enterprise website builder system is a specialized enterprise website building solution developed by Zibo Shining Network Technology Co., Ltd. There is a reinstallation vulnerability in S-CMS, which can be exploited by attackers to reinstall the system...
Arbitrary Deletion Vulnerability in HongCMS v4.0 uc_a***.php File
HongCMS is an open source lightweight content management system (CMS). The HongCMS v4.0 uca.php file contains an arbitrary deletion vulnerability. An attacker can exploit the vulnerability to delete arbitrary files, resulting in a system reinstallation...