4143 matches found
Oracle E-Business Suite 12.2.3–12.2.14 – Remote Code Execution
Oracle Concurrent Processing 12.2.3-12.2.14 contains a remote code execution caused by unauthenticated network access via HTTP, letting unauthenticated attackers fully compromise the system, exploit requires network access via HTTP. id: CVE-2025-61882 info: name: Oracle E-Business Suite...
Dify - User Enumeration via "Account not found" Message
A user enumeration vulnerability exists in langgenius/dify, where the login API leaks information about whether a user account exists or not. When an invalid/non-existent email is used during login, the API returns a distinct error message such as "accountnotfound" or "Account not found.", allowi...
Open Redirect via Organization Switching
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL id: CVE-2025-6197 info:...
Adobe Commerce - Authentication Bypass
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high...
WSO2 Management Console - Authentication Bypass
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...
Securden Unified PAM - Authentication Bypass
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM. id: CVE-2025-53118 info: name: Securden Unified PAM -...
Adobe Experience Manager Forms - Insecure Deserialization
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...
UNA CMS <= 14.0.0-RC4 - PHP Object Injection
The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profileid" POST parameter is not properly sanitized before being used in a call to the...
WeiPHP 5.0 - Path Traversal
WeiPHP 5.0 contains a path traversal caused by insufficient input validation of the picUrl parameter in /public/index.php/material/Material/downloadimgage, letting unauthenticated remote attackers read arbitrary files. id: CVE-2025-34045 info: name: WeiPHP 5.0 - Path Traversal author: pikpikcu...
Fanwei e-cology - SQL Injection
Fanwei e-cology 8.0 contains a sql injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data. id: CVE-2025-34038 info: name: Fanwei e-cology - SQL Injection author: ritikchaddha severit...
Microweber CMS2.0 - Cross-Site Scripting
Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. id: CVE-2025-51501 info: name: Microweber CMS2.0 - Cross-Site Scripting author: nukunga severity: medium description: | Reflected...
GoAnywhere - Authentication Bypass
Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...
TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass
Hard-Coded Cryptographic key allowing to forge session cookies that can be used to entirely bypass authentication id: CVE-2025-27223 info: name: TRUfusion Enterprise = 7.10.4.0 - Authentication Bypass author: DhiyaneshDK,rcesecurity severity: critical description: | Hard-Coded Cryptographic key...
DAEnetIP4 METO v1.25 - Session Hijacking
DAEnetIP4 METO v1.25 contains improper session management in the /loginok.htm endpoint, letting attackers hijack sessions, exploit requires attacker to control or intercept session tokens. id: CVE-2025-28242 info: name: DAEnetIP4 METO v1.25 - Session Hijacking author: 0xAkoko severity: high...
Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution
Advanced Custom Fields: Extended WordPress plugin 0.9.0.5 through 0.9.1.1 contains a remote code execution caused by unsafe use of calluserfuncarray in prepareform function, letting unauthenticated attackers execute arbitrary code remotely. id: CVE-2025-13486 info: name: Advanced Custom Fields...
ESPHome - Authentication Bypass
ESPHome 2025.8.0 contains an authentication bypass caused by improper validation of base64-encoded Authorization values in the webserver component, letting attackers access functionality without valid credentials, exploit requires crafted Authorization header. id: CVE-2025-57808 info: name: ESPHo...
Traccar(Windows) 6.1- 6.8.1 - Local File Inclusion
Traccar 5.8-6.0 non-default installs with web.override set and 6.1-6.8.1 default installs contain a local file inclusion vulnerability caused by enabled web override configuration, letting unauthenticated attackers leak arbitrary files including passwords, exploit requires local access. id:...
Astro - Reflected XSS via server islands feature
Astro 5.15.8 contains a reflected XSS caused by improper handling of server islands feature, letting remote attackers execute scripts, exploit requires use of server islands in the application. id: CVE-2025-64764 info: name: Astro - Reflected XSS via server islands feature author: DhiyaneshDk,zhe...
XWiki XML View - Sensitive Information Exposure
A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template. id:...
Jenkins Sidepanel - Unauthorized Agent/Queue Exposure
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget. id:...
Unauthenticated Arbitrary Plugin Upload in Alone Theme
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. id: CVE-2025-5394 info: name: Unauthenticated Arbitra...
Gladinet CentreStack & Triofox - Hardcoded Credentials
Gladinet CentreStack and Triofox 16.12.10420.56791 contain a hardcoded credentials vulnerability caused by use of hardcoded AES cryptoscheme values, letting attackers perform arbitrary local file inclusion without authentication, potentially leading to full system compromise. id: CVE-2025-14611...
YesWiki <= 4.5.1 - Cross-Site Scripting
YesWiki alertdocument.domain","YesWiki"' - 'statuscode == 200' - 'containscontenttype, "text/html"' condition: and digest: 4a0a0047304502200362ca1190c63e21f2923bf08de7cb7da7b574446b257e6007dfd76d97c7ed0b02210097168371a37ae69e386417974c7fa650ac4099a59a65f245bd361ac61d391a41:922c64590222798b...
AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldavpublicuser@localhost” and it’s the predefined password “caldavpublicuser” allows the attacker to obtain we...
AC Smart II - Authentication Bypass
AC Smart II contains an authentication bypass caused by a hidden password reset form that can be manipulated to change the administrator password without verifying login or permissions, letting attackers change admin passwords without authorization. id: CVE-2025-10204 info: name: AC Smart II -...
Microweber CMS 2.0 - Reflected XSS in Admin Page Creation
Reflected Cross-Site Scripting XSS exists in Microweber CMS 2.0 through the layout parameter on the /admin/page/create page. It allows arbitrary JavaScript to execute in the context of authenticated admin users. id: CVE-2025-51502 info: name: Microweber CMS 2.0 - Reflected XSS in Admin Page...
Parse Server - GraphQL Schema Information Disclosure
The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. id: CVE-2025-53364 info: name...
Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...
SmarterMail - Unrestricted File Upload
Mail server contains an unrestricted file upload vulnerability allowing unauthenticated attackers to upload arbitrary files to any location, potentially enabling remote code execution. id: CVE-2025-52691 info: name: SmarterMail - Unrestricted File Upload author: DhiyaneshDK,watchTowr severity:...
WeGIA - Directory Traversal
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...
HPE OneView - Remote Code Execution
HPE OneView contains a remote code execution vulnerability, letting remote attackers execute arbitrary code. id: CVE-2025-37164 info: name: HPE OneView - Remote Code Execution author: DhiyaneshDk,garciaizcoa severity: critical description: | HPE OneView contains a remote code execution...
Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
Agent-Zero v0.8.0 - 0.9.4 contains a path traversal caused by improper validation in /api/downloadworkdirfile.py, letting attackers access unauthorized files, exploit requires crafted request. id: CVE-2025-55523 info: name: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download author: 0xAkoko...
Atarim < 4.2.2 - Sensitive Information Exposure
Vito Peleg Atarim = 4.2 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve embedded sensitive data remotely, exploit requires no special privileges. id: CVE-2025-60188 info: name: Atarim...
Avigilon ACM - Host Header Injection
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. id: CVE-2025-56266 info: name: Avigilon ACM - Host Header Injection author: DhiyaneshDK severity: medium description: | A Host Header Injection vulnerability in...
Zimbra Collaboration - Local File Inclusion
Zimbra Collaboration ZCS 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint. id:...
Commvault Unauthenticated Password Disclosure (WT-2025-0047)
An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. id: CVE-2025-57788 info: name: Commvault...
PowerJob List - Authorization Bypass
PowerJob = 5.1.2 contains a broken access control caused by missing authorization in /user/list function, letting remote attackers access unauthorized resources, exploit requires no special privileges. id: CVE-2025-11580 info: name: PowerJob List - Authorization Bypass author: DhiyaneshDk severit...
The Events Calendar <= 6.15.2 - Information Disclosure
The Events Calendar WordPress plugin = 6.15.2 contains an information disclosure vulnerability caused by REST endpoint exposure, letting unauthenticated attackers extract data about password-protected vendors or venues, exploit requires no authentication. id: CVE-2025-9808 info: name: The Events...
Commvault Initial Administrator Login Process Vulnerability
An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...
Vite - Information Disclosure
Vite is a frontend tooling framework for JavaScript.In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended wi...
Astro - Broken Access Control
Astro 2.16.0 to 5.15.5 contains a broken access control caused by insecure use of unsanitized x-forwarded-proto and x-forwarded-port headers in URL building, letting attackers bypass middleware protection, cause DoS, SSRF, and URL pollution, exploit requires crafted headers. id: CVE-2025-64525...
Hoverfly <= 1.11.3 - Remote Code Execution
Hoverfly versions 1.11.3 and below are vulnerable to remote code execution RCE via command injection in the middleware API endpoint /api/v2/hoverfly/middleware. Insufficient validation of the 'binary' and 'script' parameters allows an unauthenticated attacker to execute arbitrary commands on the...
Twonky Server 8.5.2 on Linux and Windows - Log File Exposure
Twonky Server 8.5.2 contains a broken access control vulnerability caused by bypassing web service API authentication, letting unauthenticated attackers read log files with administrator credentials, exploit requires no authentication id: CVE-2025-13315 info: name: Twonky Server 8.5.2 on Linux an...
Eveo URVE Web Manager - Server-Side Request Forgery
Eveo URVE Web Manager 27.02.2025 contains a server-side request forgery caused by improper validation of URL input in /internal/redirect.php, letting attackers make requests to internal endpoints, exploit requires crafted URL input. id: CVE-2025-36845 info: name: Eveo URVE Web Manager - Server-Si...
Omnissa Workspace ONE UEM - Path Traversal
Omnissa Workspace ONE UEM contains a path traversal caused by crafted GET requests to restricted API endpoints, letting malicious actors access sensitive information, exploit requires sending crafted requests. id: CVE-2025-25231 info: name: Omnissa Workspace ONE UEM - Path Traversal author:...
XWiki REST API - Private Pages Disclosure
A vulnerability in XWiki's REST API allows unauthenticated users to access information about private pages through the pages endpoint. This could lead to disclosure of sensitive information and page metadata. id: CVE-2025-29925 info: name: XWiki REST API - Private Pages Disclosure author:...
DNN - Unrestricted Arbitrary File Upload
DNN formerly DotNetNuke \u003C 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no...
SpringBlade - Information Leakage
SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGNKEY, which can be exploited by...
IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL...
Ntopng Authentication Bypass
Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng = 4.2 id: CVE-2021-28073 info: name: Ntopng Authentication Bypass author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass...