An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext …
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their …
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them …
An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data …
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert …
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible …
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary …
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via …
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if …
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the …
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add …
The CPIO extraction functionality doesn’t sanitize the paths of the archived files for leading and non-leading ".." which leads …
●●●
NVD
EXPLOITS
SECURELIST