
22 matches found

Positive Technologies
added 2026/05/08 12:0 a.m. · 5 views

PT-2026-38674

Name of the Vulnerable Software and Affected Versions: cPanel versions prior to 11.136.0.9 cPanel versions prior to 11.136.1.10 WP Squared cPanel versions prior to 11.134.0.25 cPanel versions prior to 11.132.0.31 cPanel versions prior to 11.130.0.22 cPanel versions prior to 11.126.0.58 cPanel...

CVSS 8.8 · AI score 6.2 · EPSS 0.00032
Exploits 0 · References 33
Positive Technologies
added 2026/05/08 12:0 a.m. · 6 views

PT-2026-38673

Name of the Vulnerable Software and Affected Versions: cPanel versions prior to 11.136.0.9 cPanel versions prior to 11.136.1.10 WP Squared cPanel versions prior to 11.134.0.25 cPanel versions prior to 11.132.0.31 cPanel versions prior to 11.130.0.22 cPanel versions prior to 11.126.0.58 cPanel...

CVSS 4.3 · AI score 6.1 · EPSS 0.00015
Exploits 0 · References 34
NVD
added 2026/04/21 9:16 p.m. · 2 views

CVE-2026-40925

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $_POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

CVSS 8.3 · EPSS 0.00028
Exploits 1 · References 2
Snyk
added 2026/03/26 10:25 p.m. · 1 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the process that writes configuration payloads to the audit log, where sensitive fields such as ldapsearchpassword and oidcclientsecret are not redacted. An attacker can obtain...

CVSS 6.9 · AI score 5.9
Exploits 0 · References 3
NVD
added 2025/10/14 1:15 p.m. · 4 views

CVE-2025-7329

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation...

CVSS 8.5 · EPSS 0.0001
Exploits 0 · References 1
Tenable Nessus
added 2024/11/14 12:0 a.m. · 8 views

Apache RocketMQ < 4.9.6 / 5.0.x < 5.1.1 RCE

The version of Apache RocketMQ installed on the remote host is prior to 4.9.6 or 5.1.1. It is, therefore, affected by a remote code execution vulnerability. - For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of...

CVSS 9.8 · AI score 9.3 · EPSS 0.94388
Exploits 11 · References 2
Positive Technologies
added 2024/04/05 12:0 a.m. · 1 views

PT-2024-23588 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Dashing Diademata versions 2 Description: An issue was discovered in the default configurations of ROS2, allowing unauthenticated attackers to gain access. Recommendations: For ROS2 Dashing Diademata version 2, update the configuration t...

AI score 7.6
Exploits 0 · References 3
CISA KEV Catalog
added 2023/09/06 12:0 a.m. · 19 views

Apache RocketMQ Command Execution Vulnerability

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

CVSS 9.8 · AI score 7.2 · EPSS 0.94388
In wild · Exploits 11
VulnCheck KEV
added 2023/08/28 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-33246

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

CVSS 9.8 · AI score 7.5 · EPSS 0.94388
Exploits 11 · References 1
OSV
added 2023/07/12 10:15 a.m. · 28 views

CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 9.8
Exploits 0 · References 2
NVD
added 2023/07/12 10:15 a.m. · 28 views

CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 9.7 · EPSS 0.94002
Exploits 1 · References 2
Positive Technologies
added 2023/07/12 12:0 a.m. · 4 views

PT-2023-4093 · Apache · Rocketmq

Name of the Vulnerable Software and Affected Versions: RocketMQ versions prior to 4.9.7 RocketMQ versions prior to 5.1.2 Description: The vulnerability in the RocketMQ NameServer component allows for remote command execution. This issue arises when NameServer addresses are exposed on the extranet...

CVSS 10 · AI score 7.9 · EPSS 0.94002
Exploits 1 · References 18
OSV
added 2023/07/06 9:15 p.m. · 2 views

GHSA-X3CQ-8F32-5F63 Apache RocketMQ may have remote code execution vulnerability when using update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

CVSS 9.8 · AI score 7.5 · EPSS 0.94388
Exploits 11 · References 11
Github Security Blog
added 2023/07/06 9:15 p.m. · 47 views

Apache RocketMQ may have remote code execution vulnerability when using update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

CVSS 9.8 · AI score 7.3 · EPSS 0.94388
Exploits 11 · References 11 · Affected Software 3
OSV
added 2023/05/24 3:15 p.m. · 27 views

CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

CVSS 9.8 · AI score 9.8 · EPSS 0.94388
Exploits 11 · References 7
Prion
added 2023/05/24 3:15 p.m. · 20 views

Design/Logic Flaw

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

CVSS 7.5 · AI score 9.6 · EPSS 0.94388
Exploits 11 · References 3 · Affected Software 1
CVE
added 2023/05/24 2:45 p.m. · 424 views

CVE-2023-33246

CVE-2023-33246 affects Apache RocketMQ 5.1.0 and earlier. The vulnerability arises from leakage of NameServer, Broker, and Controller on the extranet with insufficient permission verification, allowing an attacker to trigger remote code execution by using the update configuration function or by f...

CVSS 9.8 · AI score 9.9 · EPSS 0.94388
In wild · Exploits 11 · References 7 · Affected Software 1
Cvelist
added 2023/05/24 2:45 p.m. · 26 views

CVE-2023-33246 Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

AI score 10 · EPSS 0.94388
Exploits 11 · References 3
Microsoft KB
added 2021/10/12 7:0 a.m. · 69 views

October 12, 2021—KB5006715 (Security-only update)

October 12, 2021—KB5006715 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. Important: Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and are now in extended support...

CVSS 8.8 · AI score 7.3 · EPSS 0.91507
Exploits 11
OSV
added 2014/02/12 5:10 p.m. · 5 views

MGASA-2014-0058 Updated augeas package fixes security vulnerabilities

Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user for example, an application running as root that is updating files in a directory owned by a...

CVSS 4.6 · AI score 5.9 · EPSS 0.00118
Exploits 1 · References 4