408 matches found
Securepoint UTM - Leaking Remote Memory Contents
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...
SecurePoint UTM 12.x Session ID Leak
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. id:...
WordPress WP Statistics plugin <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'utmsource' Parameter vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.4...
EUVD-2026-23342
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
CVE-2024-39340
The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...
WordPress HandL UTM Grabber / Tracker plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions = 2.8.0...
CVE-2025-13072
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-13073
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
EUVD-2025-202398
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-13073
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-13073
CVE-2025-13073 refers to the HandL UTM Grabber / Tracker WordPress plugin (versions before 2.8.1). The issue is a Reflected Cross‑Site Scripting flaw where a parameter is output without proper sanitization/escaping, enabling an attacker to potentially affect high‑privilege users (e.g., admin). Af...
CVE-2025-13073 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via handl_landing_page
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-13072
The HandL UTM Grabber / Tracker WordPress plugin (versions prior to 2.8.1) is affected by CVE-2025-13072 due to improper sanitization/escaping of a parameter before it is reflected back on the page, enabling a Reflected XSS that could target high-privilege users such as admins. The issue is confi...
CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin HandL UTM Grabber / Tracker 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
EUVD-2010-2300
Malware in sbrugna...
EUVD-2019-6693
Malware in sbrugna...
EUVD-2019-0817
Malware in sbrugna...