| Page(s) : 1 ... 189 190 191 192 193 194 195 196 197 198 [199] 200 201 202 203 204 205 206 207 208 209 ... | Result(s) : 324508 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-05-21 | CVE-2025-41232 | cve | Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by thi... |
| N/A | 2025-05-21 | CVE-2025-48413 | cve | The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no ... |
| N/A | 2025-05-21 | CVE-2025-48414 | cve | There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functio... |
| 5.4 | 2025-05-21 | CVE-2025-4105 | cve | The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment... |
| 6.4 | 2025-05-21 | CVE-2025-4217 | cve | The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, an... |
| 6.4 | 2025-05-21 | CVE-2025-4219 | cve | The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to i... |
| 6.4 | 2025-05-21 | CVE-2025-4221 | cve | The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and inc... |
| 6.4 | 2025-05-21 | CVE-2025-4611 | cve | The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in al... |
| 7.2 | 2025-05-21 | CVE-2025-4803 | cve | The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deseriali... |
| N/A | 2025-05-21 | CVE-2025-1416 | cve | In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). For it to ... |
| N/A | 2025-05-21 | CVE-2025-1417 | cve | In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information inc... |
| N/A | 2025-05-21 | CVE-2025-1418 | cve | A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profi... |
| N/A | 2025-05-21 | CVE-2025-1419 | cve | Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has... |
| N/A | 2025-05-21 | CVE-2025-1420 | cve | Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting a... |
| N/A | 2025-05-21 | CVE-2025-1421 | cve | Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and co... |
| N/A | 2025-05-21 | CVE-2025-40775 | cve | When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immedia... |
| N/A | 2025-05-21 | CVE-2025-48415 | cve | A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be ex... |
| N/A | 2025-05-21 | CVE-2025-48416 | cve | An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configurat... |
| N/A | 2025-05-21 | CVE-2025-48417 | cve | The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped wit... |
| N/A | 2025-05-21 | CVE-2024-42922 | cve | AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. |
| Page(s) : 1 ... 189 190 191 192 193 194 195 196 197 198 [199] 200 201 202 203 204 205 206 207 208 209 ... | Result(s) : 324508 |
