
10 matches found

EUVD
added 2025/10/07 12:30 a.m. (1 view)

EUVD-2020-29051

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00263
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2016-10296

Malware in sbrugna...

CVSS 6.1, AI score 6.7, EPSS 0.00852
Exploits: 0, References: 5
Github Security Blog
added 2025/08/04 8:46 p.m. (12 views)

RatPanel can perform remote command execution without authorization

Summary: When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability...

CVSS 7.7, AI score 7.7, EPSS 0.02299
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2025/07/01 2:47 p.m. (7 views)

CVE-2025-34065 AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls...

CVSS 6.9, EPSS 0.00399
Exploits: 0, References: 5
NVD
added 2025/01/30 9:15 p.m. (4 views)

CVE-2025-0574

Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVSS 8.2, EPSS 0.01032
Exploits: 0, References: 1
Veracode
added 2024/03/01 8:4 a.m. (10 views)

Cross Site Scripting

concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability is due to inadequate input validation on user-supplied data through the URL path /dashboard/system/basics/name, allowing malicious scripts to be stored and executed in the context of the user's browser when the affected...

CVSS 4.8, AI score 6.1, EPSS 0.00457
Exploits: 0, References: 4, Affected Software: 1
Packet Storm
added 2023/08/07 12:0 a.m. (254 views)

Social-Commerce 3.1.6 Cross Site Scripting

Exploit Title: Social-Commerce 3.1.6 - Reflected XSS; Exploit Author: CraCkEr; Date: 28/07/2023; Vendor: mooSocial; Vendor Homepage: https://moosocial.com/; Software Link: https://social-commerce.moosocial.com/; Tested on: Windows 10 Pro; Impact: Manipulate the content of the site; CVE: CVE-2023-4174...

AI score 7.1, EPSS 0.57791
Exploits: 4
CVE
added 2023/02/08 6:59 p.m. (44 views)

CVE-2022-42438

CVE-2022-42438 affects IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3. A root cause of the issue is an insufficient restriction of a directory path, allowing users without admin roles to access admin functions by specifying direct URL paths. Supported details from connected source...

CVSS 8.8, AI score 7.9, EPSS 0.00322
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2021/01/06 3:15 p.m. (17 views)

Cross site scripting

MendixSSO = 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload m...

CVSS 4.3, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2019/12/19 5:15 p.m. (1 view)

CVE-2019-18955

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019...

CVSS 6.1, AI score 6.3, EPSS 0.0024
Exploits: 0, References: 1