Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploi
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To expl
A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a mal
A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, a
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform,
A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executi
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticate
A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login en
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST paramete
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying oper
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show,
A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs.
A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verificatio
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote atta
A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in un
Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass.This issue affects Javo Core: from n/a through <= 3.0.0.266.
When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to w
Page 1+ Next →