CVE-2026-13007 Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are...

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

MAGMI - Cross-Site Request Forgery

MAGMI Magento Mass Importer is vulnerable to cross-site request forgery CSRF due to a lack of CSRF tokens. Remote code execution via phpcli command is also possible in the event that CSRF is leveraged against an existing admin session. id: CVE-2020-5776 info: name: MAGMI - Cross-Site Request...

RStudio Connect - Open Redirect

RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. id: CVE-2022-38131 info: name: RStudio Connect - Open Redirect author: xxcdd severity: medium description: | RStudio Connect prior to...

Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun

Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloudcontrol.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a...

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edddownloadsearch action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

LabKey Server Community Edition <18.3.0 - Cross-Site Scripting

LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript. id: CVE-2019-3911 info: name: LabKey Server Communi...

Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery

Canvas version 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-5775 info: name: Canva...

Thinfinity VirtualUI User Enumeration

Thinfinity VirtualUI before v3.0, /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users Administrator, Guest, etc. id: CVE-2021-44848 info: name: Thinfinity VirtualUI User Enumeration author: danielmofer severity: medium...

Thinfinity Iframe Injection

A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. id: CVE-2021-45092 info: name: Thinfinity Iframe Injection author: danielmofer severity: critical description: A vulnerability exist...

HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access

HPE Smart Update Manager SUM prior to version 8.5.6 could allow remote unauthorized access. id: CVE-2020-7136 info: name: HPE Smart Update Manager 8.5.6 - Remote Unauthorized Access author: gy741 severity: critical description: HPE Smart Update Manager SUM prior to version 8.5.6 could allow remot...

WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion

WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't...

Magento Mass Importer <0.7.24 - Remote Auth Bypass

Magento Mass Importer aka MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. id: CVE-2020-5777 info: name: Magento Mass Importer 0.7.24 - Remote Auth Bypass author: dwisiswant0...

CSE Bookstore 1.0 - SQL Injection

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database. id: CVE-2020-36112 info: name: CSE Bookstor...

DVDFab 12 Player/PlayerFab - Local File Inclusion

DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player recently renamed PlayerFab has read-access. id: CVE-2022-25216 info: name: DVDFab 12 Player/PlayerFa...

Buffalo WSR-2533DHPL2 - Configuration File Injection

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution. id:...

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the traceroute function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic...

Draytek VigorConnect 6.0-B3 - Local File Inclusion

Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. id: CVE-2021-201...

Flowise <= 1.8.2 Authentication Bypass

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. id: CVE-2024-8181 info: name: Flowise = 1.8.2 Authentication Bypass author:...