14719 matches found
github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...
Wordpress Multiple Themes - Reflected Cross-Site Scripting
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting
The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
Journyx - XML External Entities Injection (XXE)
The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...
ShokoServer System - Local File Inclusion (LFI)
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
Fortinet FortiWeb - Authentication Bypass to Admin Privilege
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...
Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP fil...
Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST...
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATHINFO variable to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page. id:...
rConfig <3.9.4 - Sensitive Information Disclosure
rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...
Sonatype Nexus Repository Manager 3 - Local File Inclusion
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...
CVE-2026-12978
The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...
CVE-2026-47158
A flaw was found in Vaultwarden, a Bitwarden-compatible server. An unauthenticated attacker could exploit a vulnerability in the Single Sign-On SSO authorization flow. This flaw, caused by improper binding of the OAuth state parameter to the browser session and inadequate cleanup of SSO...
CVE-2026-42533
A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...
CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...
EUVD-2026-44684
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...
CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url
The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForSingleFile endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC...
Oracle E-Business Suite Improper Privilege Management Vulnerability
Oracle E-Business Suite contains an improper privilege management vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments...