4239 matches found
PT-2026-3926
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025...
EUVD-2026-3687
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed...
CVE-2026-24016
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed...
PT-2026-3757
Name of the Vulnerable Software and Affected Versions ServerView Agents for Windows affected versions not specified Description The installer for ServerView Agents for Windows, provided by Fsas Technologies Inc., may load Dynamic Link Libraries insecurely. This could allow for the execution of...
CVE-2026-0853
CVE-2026-0853 affects certain NVR models from A-Plus Video Technologies. The underlying issue is a Sensitive Data Exposure that can be exploited by unauthenticated remote attackers to access the device’s debug page and retrieve device status information. Impact is described as exposure of status ...
EUVD-2026-1953
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...
CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101...
CVE-2023-49002
An issue in Xenom Technologies sinous Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity...
CVE-2003-1363
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port 9999, which allows remote attackers to mount brute force attacks on the administration console without detection...
CVE-2022-37238
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the currentRequest parameter...
CVE-2022-37243
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting XSS via the whitelist endpoint...
CVE-2022-37240
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...
CVE-2022-37244
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection...
CVE-2025-23776
Missing Authorization vulnerability in ekaterir Cache Sniper for Nginx snipe-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through = 1.0.4.2...
CVE-2025-23426
Cross-Site Request Forgery CSRF vulnerability in Binesh Dobhal go Social go-social allows Stored XSS.This issue affects go Social: from n/a through = 1.0...
CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...
CVE-2025-56424
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script...
CVE-2013-6018
Cross-site request forgery CSRF vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password...
CVE-2013-6020
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...
CVE-2013-6019
Cross-site scripting XSS vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component...