CVE-2020-12765

Solis Miolo 2.0 allows index.php?module=install=view= Directory Traversal...

CVE-2020-10670

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version...

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVE-2023-45600

A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVE-2022-26951

Archer 6.x through 6.10 6.10.0.0 contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...

CVE-2019-18265

Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in...

CVE-2023-25911

The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters...

CVE-2023-4098

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

CVE-2021-2322

Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1...

EUVD-2026-1664

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

PT-2026-2115

Name of the Vulnerable Software and Affected Versions OWASP Core Rule Set versions prior to 4.22.0 OWASP Core Rule Set versions prior to 3.3.8 Description A bug in rule 922110 affects the processing of multipart requests with multiple parts. When the first rule in a chain iterates over a collecti...

OWASP CRS 安全漏洞

OWASP CRS is an open source attack detection rule set from the CRS Project. A security vulnerability exists in OWASP CRS versions prior to 4.22.0 and prior to 3.3.8, which stems from a flaw in rule 922110 when processing multipart requests, which could lead to malicious character sets being ignor...

CVE-2025-60534

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials...

CVE-2019-12775

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...

CVE-2024-2291

In Progress MOVEit Transfer versions released before 2022.0.11 14.0.11, 2022.1.12 14.1.12, 2023.0.9 15.0.9, 2023.1.4 15.1.4, a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which result...

CVE-2024-2343

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Commvault WebConsole 安全漏洞

Commvault WebConsole is a web-based management platform from Commvault USA. A security vulnerability exists in Commvault WebConsole that originates from storing user input directly in a web page, which could lead to a cross-site scripting attack...

CVE-2025-60534

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials...

CVE-2025-15447

A vulnerability has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. This affects an unknown function of the file /assetsGroupReport/assetsService.j%73p. The manipulation of the argument unitCode leads to sql injection. It is possible to initiate the attack remotely. The...