4136 matches found
Grafana 3.0.1-7.0.1 - Server-Side Request Forgery
Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network...
FortiLogger 4.4.2.2 - Arbitrary File Upload
FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. id: CVE-2021-3378 info: name: FortiLogger 4.4.2.2 - Arbitrary File Upload author:...
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...
MasterStudy LMS <2.7.6 - Improper Access Control
WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data...
Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI. id: CVE-2018-16133 info: name: Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion author: 0xAkoko severity: medium description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI...
Mongo-Express - Remote Code Execution
Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...
WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload
WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An...
WordPress Perfect Survey <1.5.2 - SQL Injection
Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. id: CVE-2021-24762 info: name: WordPress Perfect Survey 1.5.2 - SQL...
IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL...
CRMEB v.5.2.2 - SQL Injection
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. id: CVE-2024-36837 info: name: CRMEB v.5.2.2 - SQL Injection author: DhiyaneshDk severity: high description: | SQL Injection...
ThinVNC - Authentication Bypass
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via a specific command, potentially leading to unauthorized access and code execution. id: CVE-2022-25226 info: name: ThinVNC - Authentication Bypass author: ritikchaddha severity: critical description: |...
Next.js Middleware Bypass
Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other securit...
Cisco IOS XE Web UI - Command Injection
A vulnerability in the web UI component of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system. This vulnerability is due to improper input validation in the web UI. An attacker could exploit...
Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion
A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...
PrestaShop SmartBlog <4.0.6 - SQL Injection
PrestaShop SmartBlog by SmartDataSoft 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality. id: CVE-2021-37538 info: name: PrestaShop SmartBlog 4.0.6 - SQL Injection author: whoever severity: critical description: PrestaShop SmartBlog by SmartDataSoft 4.0.6 is...
WordPress Statistics <13.0.8 - Blind SQL Injection
WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability. id: CVE-2021-24340 info: name: WordPress Statistics 13.0.8 - Blind SQL Injection author: lotusdll,j4vaovo severity: high description: WordPress Statistic...
KONGA 0.14.9 - Privilege Escalation
KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...
Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloudcontrol.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a...
Wazuh - Unsafe Deserialization Remote Code Execution
A critical Remote Code Execution RCE vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...
Webmin <1.990 - Improper Access Control
Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without enterin...
SAP Internet Graphics Server (IGS) - XML External Entity Injection
SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection XXE vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag...
WordPress Sitemap by click5 <1.0.36 - Missing Authorization
WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain...
Tenda AC1200 V-W15Ev2 - Authentication Bypass
The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...
NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getitem function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includi...
Kerio Control v9.2.5 - CRLF Injection
Kerio Control, formerly known as Kerio WinRoute Firewall, has been found vulnerable to multiple HTTP Response Splitting vulnerabilities in product affecting versions 9.2.5 id: CVE-2024-52875 info: name: Kerio Control v9.2.5 - CRLF Injection author: ritikchaddha,iamnoooob,rootxharsh,pdresearch...
Apache Tomcat Path Equivalence - Remote Code Execution
Path Equivalence- 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. id: CVE-2025-24813 info: name: Apache Tomcat Path Equivalence - Remote Code Execution...
ECTouch v2 - SQL Injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php. id: CVE-2023-39560 info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerabili...
SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection
The SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway is vulnerable to command injection. id: CVE-2023-41109 info: name: SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway - Command Injection author: princechaddha severity: critical description: | The SmartNode SN200 Analog...
Apache Superset - Authentication Bypass
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. id: CVE-2024-24919 info: name: Check Poi...
NextGen Mirth Connect - Remote Code Execution
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability id: CVE-2023-37679 info: name: NextGen Mirth Connect - Remote Code Execution...
Enrollment System Project v1.0 - SQL Injection Authentication Bypass
Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection SQLI attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username an...
CData Connect < 23.4.8846 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Connect 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31849 info: name: CData Connect 23.4.8846...
Ruby On Rails - Local File Inclusion
Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...
PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0. id: CVE-2024-6911 info: name: PerkinElmer ProcessPlus = 1.11.6507.0 - Local File Inclusion author:...
Ghost CMS < 5.42.1 - Path Traversal
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. id: CVE-2023-32235 info: name: Ghost CMS 5.42.1 - Path Traversal author: j3ssie severit...
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can...
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI for authentication bypass to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. id: CVE-2021-23241 info: name: MERCUSYS Mercury X18G 1.0.5 Route...
Cisco ASA - Local File Inclusion
Cisco Adaptive Security Appliances ASA web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will not reload, but an attacker...
Unauthenticated Remote Code Execution – Bricks <= 1.9.6
Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks = 1.9.6 is vulnerable to unauthenticated remote code execution RCE which means that anybod...
Fortra GoAnywhere MFT - Remote Code Execution
Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet. id: CVE-2023-0669 info: name: Fortra GoAnywhere MFT - Remote...
HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
Open redirect vulnerability in red2301.html in HP System Management Homepage SMH 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. id: CVE-2010-1586 info: name: HP System Management Homepage SMH v2.x.x.x - Open...
TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection
TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...
PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. id: CVE-2023-30150 info: name: PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection author: mastercho severity: critical description: | PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerab...
Deep Sea Electronics DSE855 - Authentication Bypass
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. id: CVE-2020-7980 info: name: Satellian Intellian Aptus Web...
WordPress Google Maps <7.11.18 - SQL Injection
WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute...
TOTOLINK Realtek SD Routers - Remote Command Injection
TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0,...
GenieACS => 1.2.8 - OS Command Injection
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check. id: CVE-2021-46704 info:...
Essential Blocks < 4.4.3 - Local File Inclusion
Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site. id: CVE-2023-6623 info: name: Essential Blocks 4.4.3 - Local File...