PowerJob List - Authorization Bypass
PowerJob = 5.1.2 contains a broken access control caused by missing authorization in /user/list function, letting remote attackers access unauthorized resources, exploit requires no special privileges. id: CVE-2025-11580 info: name: PowerJob List - Authorization Bypass author: DhiyaneshDk severit...
Nuxeo <10.3 - Remote Code Execution
Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. id: CVE-2018-16341 info: name: Nuxeo <10.3 - Remote Code Execution author: madrobot severity: high description: | Nuxeo prior to version 10.3 is susceptible to a...
Memos 0.13.2 - Cross-Site Scripting & SSRF
An SSRF vulnerability exists at the /o/get/image endpoint that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. id: CVE-2024-29029...
SmarterTools SmarterMail - Admin Password Reset
Detected a SmarterMail admin password reset vulnerability by sending a POST request to the /api/v1/auth/force-reset-password endpoint, indicating that administrative password resets could potentially be triggered without proper authorization. id: CVE-2026-23760 info: name: SmarterTools SmarterMail ...
CaseAware a360inc - Cross-Site Scripting
a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in 2017 id: CVE-2024-25669 info: name: CaseAware a360inc - Cross-Site Scripting author: r3naissance severity: medium...
XWiki REST API - Private Pages Disclosure
A vulnerability in XWiki's REST API allows unauthenticated users to access information about private pages through the pages endpoint. This could lead to disclosure of sensitive information and page metadata. id: CVE-2025-29925 info: name: XWiki REST API - Private Pages Disclosure author:...
Hoverfly <= 1.11.3 - Remote Code Execution
Hoverfly versions 1.11.3 and below are vulnerable to remote code execution RCE via command injection in the middleware API endpoint /api/v2/hoverfly/middleware. Insufficient validation of the 'binary' and 'script' parameters allows an unauthenticated attacker to execute arbitrary commands on the...
Omnissa Workspace ONE UEM - Path Traversal
Omnissa Workspace ONE UEM contains a path traversal caused by crafted GET requests to restricted API endpoints, letting malicious actors access sensitive information, exploit requires sending crafted requests. id: CVE-2025-25231 info: name: Omnissa Workspace ONE UEM - Path Traversal author:...
Eveo URVE Web Manager - Server-Side Request Forgery
Eveo URVE Web Manager 27.02.2025 contains a server-side request forgery caused by improper validation of URL input in /internal/redirect.php, letting attackers make requests to internal endpoints, exploit requires crafted URL input. id: CVE-2025-36845 info: name: Eveo URVE Web Manager - Server-Si...
SOPlanning 1.52.00 Cross Site Scripting
SOPlanning v1.52.00 is vulnerable to XSS via the 'groupeid' parameter; a remote unauthenticated attacker can hijack the admin account or other users. The remote attacker can hijack a user's session or credentials and perform a takeover of the entire platform. id: CVE-2024-33724 info: name: SOPlanni...
Atarim < 4.2.2 - Sensitive Information Exposure
Vito Peleg Atarim = 4.2 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve embedded sensitive data remotely, exploit requires no special privileges. id: CVE-2025-60188 info: name: Atarim...
Commvault Unauthenticated Password Disclosure (WT-2025-0047)
An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. id: CVE-2025-57788 info: name: Commvault...
Zimbra Collaboration - Local File Inclusion
Zimbra Collaboration ZCS 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint. id:...
Ditty < 3.1.58 - Server-Side Request Forgery
The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check; however, any authenticated user, such as a subscriber, can retrieve it. id:...
Microweber CMS2.0 - Cross-Site Scripting
Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. id: CVE-2025-51501 info: name: Microweber CMS2.0 - Cross-Site Scripting author: nukunga severity: medium description: | Reflected...
XWiki REST API - Attachments Disclosure
A vulnerability in XWiki's REST API allows unauthenticated users to access attachments list and metadata through the attachments endpoint. This could lead to disclosure of sensitive information stored in attachments metadata. id: CVE-2025-46554 info: name: XWiki REST API - Attachments Disclosure...
Couchbase Server - Broken Access Control
Couchbase Server versions 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0-4.6.5, 5.0.0, 5.1.1, 5.5.0, and 5.5.1 contain insecure permissions for the projector and indexer REST endpoints caused by unauthenticated access, letting attackers access administrative APIs without authentication, exploit require...
Astro - Broken Access Control
Astro 2.16.0 to 5.15.5 contains a broken access control caused by insecure use of unsanitized x-forwarded-proto and x-forwarded-port headers in URL building, letting attackers bypass middleware protection, cause DoS, SSRF, and URL pollution, exploit requires crafted headers. id: CVE-2025-64525...
DNN - Unrestricted Arbitrary File Upload
DNN (formerly DotNetNuke) < 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no...
ESPHome - Authentication Bypass
ESPHome 2025.8.0 contains an authentication bypass caused by improper validation of base64-encoded Authorization values in the webserver component, letting attackers access functionality without valid credentials, exploit requires crafted Authorization header. id: CVE-2025-57808 info: name: ESPHo...
Avigilon ACM - Host Header Injection
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. id: CVE-2025-56266 info: name: Avigilon ACM - Host Header Injection author: DhiyaneshDK severity: medium description: | A Host Header Injection vulnerability in...
Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution
Advanced Custom Fields: Extended WordPress plugin 0.9.0.5 through 0.9.1.1 contains a remote code execution caused by unsafe use of call_user_func_array in prepareform function, letting unauthenticated attackers execute arbitrary code remotely. id: CVE-2025-13486 info: name: Advanced Custom Fields...
Unauthenticated Arbitrary Plugin Upload in Alone Theme
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. id: CVE-2025-5394 info: name: Unauthenticated Arbitra...
Digiever DS-2105 Pro - Command Injection
Digiever DS-2105 Pro 3.1.0.71-11 contains a command injection caused by unsanitized input in timetzsetup.cgi, letting attackers execute arbitrary commands remotely, exploit requires no authentication. id: CVE-2023-52163 info: name: Digiever DS-2105 Pro - Command Injection author: rajesh-social-te...
Odoo - Cross-Site Scripting
Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434, which is caused by an incorrect content type being set on an API endpoint. id: CVE-2023-1434 info: name: Odoo - Cross-Si...
Mura/Masa CMS - SQL Injection
The Mura/Masa CMS is vulnerable to SQL Injection. id: CVE-2024-32640 info: name: Mura/Masa CMS - SQL Injection author: iamnoooob,rootxharsh,pdresearch severity: critical description: | The Mura/Masa CMS is vulnerable to SQL Injection. impact: | Successful exploitation could lead to unauthorized...
SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting
SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to SolarHistory.php. id: CVE-2022-29299 info: name: SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting author: For3stCo1d severity: medium description: | SolarView Compact version 6.00...
Temenos Transact - Cross-Site Scripting
Multiple vulnerabilities in Temenos Transact (formerly T24) allow multiple reflected cross-site scripting (XSS) attacks. id: CVE-2022-38322 info: name: Temenos Transact - Cross-Site Scripting author: qotoz severity: high description: | Multiple vulnerabilities in Temenos Transact formerly T24...
LG NAS Devices - Remote Code Execution
LG NAS devices contain a pre-auth remote command injection via the "password" parameter. id: CVE-2018-10818 info: name: LG NAS Devices - Remote Code Execution author: gy741 severity: critical description: LG NAS devices contain a pre-auth remote command injection via the "password" parameter...
WPS Hide Login <= 1.5.2.2 - Login Page Bypass
WPS-Hide-Login plugin before 1.5.3 for WordPress contains an action=confirmaction protection bypass, letting attackers bypass security checks, exploit requires sending crafted requests. id: CVE-2019-15823 info: name: WPS Hide Login <= 1.5.2.2 - Login Page Bypass author: pussycat0x severity: high...
AWStats <= 7.5 - Full Path Disclosure
AWStats 7.6 contains a full path disclosure caused by improper handling of framename and update parameters in awstats.pl, letting remote attackers determine server file paths, exploit requires sending crafted parameters. id: CVE-2018-10245 info: name: AWStats <= 7.5 - Full Path Disclosure author:...
SpringBlade - Information Leakage
SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGNKEY, which can be exploited by...
CMP WordPress < 4.0.19 - Broken Access Control
CMP WordPress plugin < 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout, exploit requires no authentication. id: CVE-2022-0188 info: name: CMP WordPress < 4.0.19 - Broken Access Contr...
SolarView Compact 6.00 - 'pow' Cross-Site Scripting
SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to SolarSlideSub.php. id: CVE-2022-29301 info: name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting author: For3stCo1d severity: high description: | SolarView Compact version 6.00 contains a...
Ntopng Authentication Bypass
Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng = 4.2 id: CVE-2021-28073 info: name: Ntopng Authentication Bypass author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass...
IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL...
Aurelia-Path < 1.1.7 - Prototype Pollution
Aurelia-path before 1.1.7 contains a prototype pollution caused by parsing malicious URL parameters, letting attackers modify Object.prototype, exploit requires the application to parse user-controlled URLs. id: CVE-2021-41097 info: name: Aurelia-Path < 1.1.7 - Prototype Pollution author: 0xAkoko...
AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
AfterLogic Aurora and WebMail Pro products at version 7.7.9 and all lower versions are affected by this vulnerability: simply sending an HTTP DELETE request to the WebDAV endpoint with the built-in “caldavpublicuser@localhost” account and its predefined password “caldavpublicuser” allows the attacker to obtain we...
VICIdial Sensitive Information Disclosure
VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IPs, User-Agents,...
Puppeteer Renderer - Directory Traversal
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. id: CVE-2024-36527 info: name: Puppeteer Renderer - Directory Traversal author: Stux severity: medium...
XWiki – Stored Cross-Site Scripting (XSS)
XWiki through version 17.3.0 contains stored cross-site scripting caused by improper sanitization of inputs in the Administration interface's Presentation section, letting authenticated administrators inject JavaScript that executes in visitors' browsers, exploit requires administrator...
MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in 'mwpsetuppurchaseusername' parameter, letting unauthenticated attacke...
Nodogsplash - Directory Traversal
Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system. id: CVE-2023-39120 info...
Django QuerySet.order_by - SQL Injection
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 contain a SQL injection caused by untrusted input in QuerySet.order_by, letting attackers execute arbitrary SQL commands, exploit requires attacker to control order_by input. id: CVE-2021-35042 info: name: Django QuerySet.order_by - SQL Injection...
Adobe Experience Manager Forms - Insecure Deserialization
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...
Güralp Systems FMUS Series - Unauthenticated Access
Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based command line interface that allows attackers to modify hardware configurations, manipulate data, or factory reset the device. id: CVE-2025-8286 info: name: Güralp Systems FMUS Series - Unauthenticated...
Abandoned Cart Lite for WooCommerce - Authentication Bypass
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...
WordPress XStore Theme - SQL Injection
SQL Injection vulnerability in the WordPress XStore Theme CVE-2024-33559. This flaw allows remote unauthenticated attackers to execute arbitrary SQL queries via the 's' query parameter in a POST request. id: CVE-2024-33559 info: name: WordPress XStore Theme - SQL Injection author: Haliteroglu...
CrushFTP - Authentication Bypass
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-2825 info: name: CrushFTP - Authenticatio...
Jenkins CLI - Java Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...