14 matches found
CVE-2025-63601
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands...
CVE-2025-63601
CVE-2025-63601 affects Snipe-IT prior to 8.3.3. An authenticated attacker can upload a malicious backup file (via the backup/restore flow) containing arbitrary files and then execute system commands, yielding remote code execution. The vulnerability is described as a remote code execution with a ...
CVE-2024-25123
MSS Mission Support System is an open source package designed for planning atmospheric research flights. In the file index.py, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The filena...
Design/Logic Flaw
MSS Mission Support System is an open source package designed for planning atmospheric research flights. In the file index.py, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The filena...
CVE-2024-25123 Path Manipulation in file mslib/index.py in MSS
MSS Mission Support System is an open source package designed for planning atmospheric research flights. In the file index.py, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The filena...
Vulnerability fixed in Atlassian Confluence
Atlassian has fixed a vulnerability in Confluence. A malicious party could exploit the vulnerability to break into publicly accessible Confluence Data Center and Server instances, create unauthorized Confluence administrator accounts and gain access to Confluence instances. Atlassian has released...
Neos CMS Cross-Site Scripting Vulnerability
Neos CMS is an open source CMS software from Neos. A security vulnerability exists in Neos CMS version 8.3.3, which stems from the presence of a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by an attacker to execute arbitrary code by designing SVG files...
TravianZ Security Vulnerability
TravianZ is a free-to-play, in-browser, web-based strategy game from Travian, a German company. A security vulnerability exists in TravianZ versions 8.3.4 and 8.3.3, which stems from incorrect access control. An attacker could exploit the vulnerability to override the server configuration and inject...
CVE-2021-40272
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross-Site Scripting (XSS)...
ITRS Group OP5 Monitor Cross-Site Scripting Vulnerability
ITRS Group OP5 Monitor is a network monitoring and management software product for servers from the UK-based ITRS Group, based on the open source project Naemon. A security vulnerability exists in ITRS Group OP5 Monitor versions 8.3.1, 8.3.2, and OP5 8.3.3, which stems from vulnerability to...
PHP-Nuke SQL Injection Vulnerability (CNVD-2021-28375)
PHP-Nuke is a web-based automated news publishing and content management system. A SQL injection vulnerability exists in the "User Registration" section of PHP-Nuke version 8.3.3. An attacker can exploit this vulnerability to achieve remote code execution...
PHP-Nuke SQL Injection Vulnerability
PHP-Nuke is a web-based automated news publishing and content management system. A SQL injection vulnerability exists in the "User Registration" section of PHP-Nuke version 8.3.3. An attacker can exploit this vulnerability to achieve remote code execution...
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed...
Fortinet FortiWLC Hard-Coded Account Vulnerability
FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in Fortinet FortiWLC 8.3.3. An attacker can exploit this vulnerability to gain unauthorized read/write access via a remote shell...