CVE-2026-36828

CVE-2026-36828 describes a command-injection in Panabit PAP-XM320 up to v7.7. The vulnerable CGI is /cgi-bin/tools/ajax_cmd; when authenticated users supply action=runcmd, they can execute arbitrary shell commands with root privileges. Impact aligns with high-severity, full control over the host ...

EUVD-2022-1062

Malicious code in bioql PyPI...

LabF WinaXe FTP Client 安全漏洞

LabF WinaXe FTP Client is a tool for file transfer on Windows systems from LabF Corporation. A security vulnerability exists in LabF WinaXe FTP Client version 7.7, which stems from improper boundary checking by the FTP banner parsing function, which could result in a buffer overflow...

CVE-2024-32236

An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component...

CVE-2021-31537

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters...

CVE-2025-26913

CVE-2025-26913 – AR for WordPress plugin is affected. The Wordfence vulnerability details (with the CVE linked) indicate an authenticated, stored cross-site scripting (XSS) vulnerability in AR for WordPress, affecting versions up to 7.7 in the WordPress plugin. The root cause is described as insu...

WordPress plugin AR For WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress Link Library Plugin <= 7.6.11 is vulnerable to Cross Site Scripting (XSS)

Software Link Library Type Plugin Vulnerable versions = 7.6.11 Fixed in 7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4281 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID abed5ec79423 Credits Krzysztof Zając Required...

Virtualmin Cross-Site Scripting Vulnerability

Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting XSS vulnerability in Cloudmin Services Client...

Tenable Nessus Agent SEoL (7.7.x)

According to its version, Tenable Nessus Agent is 7.7.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900...

Atlassian Jira 7.6.0 < 7.6.11 Xss In The Labels Widget Gadget

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 7.6.11 or 7.7.x prior to 7.13.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...

Atlassian Jira 7.7.0 < 7.13.1 Xss In The Labels Widget Gadget

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 7.6.11 or 7.7.x prior to 7.13.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...

Stack overflow

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

Atlassian Jira 7.7.x < 7.13.8 Template Injection Vulnerability

According to its self-reported version number, the Atlassian Jira application running on the remote host is 7.0.10 7.6.16, 7.7.x 7.13.8, 8.1.x 8.1.3, 8.2.x 8.2.5, 8.3.x 8.3.4, 8.4.x 8.4.1. It is, therefore, affected by a server-side template injection vulnerability that exists in the Jira Importe...

CVE-2019-16294

SciLexer.dll in Scintilla in Notepad++ x64 before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file...

OpenSSH 7.7 - Username Enumeration Exploit

Exploit for linux platform in category remote exploits Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473 / \ / / | | | | | | | | | | | || | | |...

OpenSSH 2.3 7.7 - Username Enumeration

OpenSSH 2.3 7.7 - Username Enumeration Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Date: 2018-08-20 Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473 / \ / / | | | | | | | | | | | || | | ...

CVE-2018-15473

A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data...

OpenSSH < 7.8 User Enumeration Vulnerability - Linux

OpenSSH is prone to a user enumeration vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...

OpenSSH < 7.8 User Enumeration Vulnerability - Windows

OpenSSH is prone to a user enumeration vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...