35 matches found
CVE-2026-27884
NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...
CVE-2024-27499
Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via png file upload vulnerability in product review option...
Cross site scripting
Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via png file upload vulnerability in product review option...
CVE-2024-27499
Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via png file upload vulnerability in product review option...
Webkul Software Bagisto Security Vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto v1.5.1, which stems from a cross-site scripting (XSS) vulnerability in the product review option...
CVE-2024-27499
Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via png file upload vulnerability in product review option...
CVE-2024-27499
CVE-2024-27499 (Bagisto v1.5.1) describes a Cross-Site Scripting (XSS) vulnerability arising from insufficient validation of user-uploaded PNG files in the product review option. Multiple sources (including Red Hat, Veracode, and OSV/GHSA entries) align on the issue being an XSS in Bagisto’s revi...
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)...
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)...
SQL injection
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)...
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)...
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). Affected software: Bagisto 1.5.1; vulnerability type SSTI in template rendering. Underlying impact is described as HIGH for confidentiality, integrity, and availability; network attack vector with low privileges required and n...
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)...
CVE-2023-0678
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1...
Authorization
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1...
CVE-2023-0677 Cross-site Scripting (XSS) - Reflected in phpipam/phpipam
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks`...
Design/Logic Flaw
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks`...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks`...
Siemens Industrial Edge Management
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Edge Management Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject malicious maintenance requests...