23 matches found

Cvelist
added 2026/02/09 7:55 p.m. · 24 views

CVE-2026-25498 Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...

CVSS 8.6 · EPSS 0.00368
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-3171

Malware in sbrugna...

CVSS 6.5 · AI score 6.9 · EPSS 0.00428
Exploits 0 · References 14

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-3644

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.05488
Exploits 0 · References 17

CNNVD
added 2024/04/09 12:0 a.m. · 1 view

Contao Security Vulnerability

Contao is an open source content management system (CMS) developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from a cookie mark...

CVSS 8.3 · AI score 8.1 · EPSS 0.00414
Exploits 0 · References 6

NVD
added 2022/10/28 2:15 a.m. · 22 views

CVE-2022-33859

A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary...

CVSS 9.8 · EPSS 0.00193
Exploits 0 · References 1

Tenable Nessus
added 2022/07/11 12:0 a.m. · 11 views

phpMyAdmin 4.x < 4.8.3 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host does not correctly handle malicious filenames, leading to a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...

CVSS 6.1 · AI score 6.4 · EPSS 0.00675
Exploits 0 · References 2

Tenable Nessus
added 2022/04/28 12:0 a.m. · 31 views

Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal (CVE-2020-25176)

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated...

CVSS 9.8 · AI score 7.6 · EPSS 0.03509
Exploits 0 · References 6

CNNVD
added 2021/03/26 12:0 a.m. · 3 views

MuleSoft Mule Code Issue Vulnerability

MuleSoft Mule is a lightweight integration platform from the US company MuleSoft. The platform supports management of message routing between nodes, data mapping, and more. A code issue vulnerability exists in MuleSoft Mule, which originates in the Mule runtime component. The...

CVSS 9.8 · AI score 8.4 · EPSS 0.00408
Exploits 0 · References 2

Prion
added 2021/01/13 6:15 p.m. · 24 views

Remote code execution

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

CVSS 7.5 · AI score 9.7 · EPSS 0.11196
Exploits 1 · References 1 · Affected Software 1

ICS
added 2020/10/06 12:0 a.m. · 134 views

Rockwell Automation ISaGRAF5 Runtime (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF5 Runtime Vulnerabilities: Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element,...

CVSS 9.8 · AI score 8.3 · EPSS 0.03509
Exploits 0 · References 5

CNVD
added 2020/06/01 12:0 a.m. · 2 views

MuleSoft Mule Resource Management Error Vulnerability

MuleSoft Mule is a lightweight integration platform from MuleSoft, USA. The platform supports management of message routing between nodes, data mapping, and more. A security vulnerability exists in MuleSoft Mule Community and Enterprise Editions versions 3.8.x, 3.9.x, and 4.x released before Apri...

CVSS 7.5 · AI score 6.7 · EPSS 0.00598
Exploits 0 · References 1

CNVD
added 2020/04/28 12:0 a.m. · 1 view

Red Hat Resteasy Input Validation Error Vulnerability

Red Hat Resteasy is an implementation of JAX-RS, a Java programming language API specification, from Red Hat, USA. An input validation error vulnerability exists in Red Hat Resteasy versions 3.x.x prior to 3.12.0.Final and 4.x.x prior to 4.6.0.Final, which arises from a networked syste...

CVSS 7.5 · AI score 6.8 · EPSS 0.00366
Exploits 0 · References 1

Positive Technologies
added 2020/04/20 12:0 a.m. · 3 views

PT-2020-14913 · Freeipa +6 · Ipa +6

Name of the Vulnerable Software and Affected Versions: ipa versions 4.x.x through 4.8.0 Description: A flaw was found in the password hashing process. When a very long password = 1,000,000 characters is sent to the server, it could exhaust memory and CPU, leading to a denial of service and the...

CVSS 6.9 · AI score 6.5 · EPSS 0.34098
Exploits 20 · References 145

Prion
added 2019/07/30 5:15 p.m. · 33 views

Null pointer dereference

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to...

CVSS 5 · AI score 7.1 · EPSS 0.01496
Exploits 0 · References 7 · Affected Software 11

OpenVAS
added 2019/07/19 12:0 a.m. · 32 views

Squid Security Update Advisory SQUID-2019:1

Squid is prone to a denial of service vulnerability due to incorrect string termination in cachemgr.cgi, which may access unallocated memory. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...

CVSS 7.5 · AI score 8.4 · EPSS 0.38048
Exploits 0 · References 1

Prion
added 2019/07/18 4:15 p.m. · 23 views

Information disclosure

Call to the scryptenc function in HHVM can lead to heap corruption by using specifically crafted parameters N, r and p. This happens if the parameters are configurable by an attacker for instance by providing the output of scryptenc in a context where Hack/PHP code would attempt to verify it by...

CVSS 7.5 · AI score 9.5 · EPSS 0.00607
Exploits 0 · References 2 · Affected Software 1

OSV
added 2019/07/11 12:0 a.m. · 0 views

UBUNTU-CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write ...

CVSS 7.2 · AI score 7 · EPSS 0.22307
Exploits 0 · References 12

CNVD
added 2019/07/09 12:0 a.m. · 1 view

Linux kernel information disclosure vulnerability (CNVD-2019-23988)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in Linux kernel versions 4.1 through 4.x and 5.x prior to 5.0.8. The vulnerability arises from errors such as...

CVSS 7.5 · AI score 7 · EPSS 0.01034
Exploits 0 · References 1

NVD
added 2019/03/04 8:29 a.m. · 19 views

CVE-2019-9563

In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads...

CVSS 7.5 · AI score 7.6 · EPSS 0.00228
Exploits 0 · References 3

OSV
added 2016/11/25 4:59 p.m. · 0 views

CVE-2016-6704

An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue ...

CVSS 7.8 · AI score 7.5
Exploits 0 · References 3