Advisories

• CVE-2025-48953 - Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
• CVE-2025-3760 - Stored Cross-Site Scripting in Liferay Portal and Liferay DXP
• CVE-2024-28627 - Password protection bypass with javascript tampering
• CVE-2024-25697 - Cross-site Scripting vulnerability in Portal for ArcGIS
• CVE-2024-0396 - Missing Server-Side Input Validation leads to computational errors and potential denial of service in Progress MOVEit Transfer
• CVE-2023-48166 - Path Traversal vulnerability in Atos Unify OpenScape Voice
• CVE-2023-26218 - Cross-site Scripting vulnerabilities in TIBCO Nimbus
• CVE-2023-38722 - Stored Cross-Site Scripting in IBM Sterling Partner Engagement Manager
• CVE-2023-26101 - Path Traversal vulnerability in Flowmon Packet Investigator 12.0.1
• CVE-2023-26100 - Reflected XSS vulnerability in FMC Analysis
• CVE-2023-26020 - SQL injection in search for users and groups in CrafterCMS
• CVE-2022-46496 - Missing TLS Certificate Validation in DoorEntry HOMETOUCH for iOS
• CVE-2023-0642 - Cross-Site Request Forgery (CSRF) in Squidex CMS
• CVE-2022-37721 - Stored Cross-Site Scripting in PyroCMS
• CVE-2022-37720 - Stored Cross-Site Scripting in OrchardCMS
• CVE-2022-40488 - Multiple Cross-Site Request Forgery on ProcessWire
• CVE-2022-40487 - Multiple Cross-Site Scripting on ProcessWire
• CVE-2022-37251 - Stored XSS in Drafts in Craft CMS
• CVE-2022-37250 - Stored XSS in User Addresses Title in Craft CMS
• CVE-2022-37248 - Stored XSS in Field Layout in Craft CMS
• CVE-2022-37247 - Stored XSS in Fields in Craft CMS
• CVE-2022-37246 - DOM Stored XSS in Craft CMS
• CVE-2022-36968 - Multiple CSRF on WS_FTP lead to RCE
• CVE-2022-36967 - Multiple Reflected Cross-Site Scripting (XSS) on WS_fTP
• CVE-2022-0828 Master Key bruteforce Wordpress Download Manager plugin
• CVE-2021-40377 Stored XSS via email content allow account takeover
• CVE-2022-0770 CSRF leads to account takeover Wordpress plugin Gtranslate
• CVE-2021-25087 Bypass file protection mechanisms Download Manager Wordpress plugin
• CVE-2021-31858 Stored Cross-Site Scripting in DotNetNuke
• CVE-2021-42567 Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
• CVE-2021-44263 Cross-Site Scripting in Gurock TestRail
• CVE-2021-41844 Open Redirect in JetEngine Wordpress Plugin
• CVE-2021-38607 Stored Cross-Site Scripting in JetEngine Wordpress Plugin
• CVE-2020-13639 - Outsystems ECT Provider Unauthenticated Cross-Site Scripting Stored
• CVE-2019-5493 - Information Disclosure Vulnerability in Data ONTAP operating in 7-Mode
• CVE-2021-29357 - Outsystems ECT Provider Server Side Request Forgery
• CVE-2020-13963 - SOPlanning Authentication Bypass
• CVE-2020-15934 - Privilege escalation vulnerability in FortiClient for Linux
• CVE-2018-10377 - Insufficient Validation of Burp Collaborator Server Certificate
• CVE-2017-9376 - ManageEngine ServiceDesk Plus Local File Inclusion
• CVE-2017-9362 - ManageEngine ServiceDesk Plus XML External Entity via CMDB API
• CVE-2017-10992 - HP Storage Essentials Remote Code Execution via Java deserialization
• CVE-2016-10125 - DLink DGS-1100 switch static hard-coded TLS crypto keys in firmware
• CVE-2016-3670 Stored Cross Site Scripting in Liferay CE
• CVE-2016-4056 - Stored Cross-Site Scripting in TYPO3 Bookmarks
• Insecure Direct Object Reference in OSTicket attachments
• CVE-2015-7968 - SAP Netweaver Application Server XXE (SAP Security Note 2183189)
• Google AOSP Email App HTML Injection
• CVE-2015-7342 Multiple SQL Injection in JNews Joomla Component
• CVE-2015-7340 SQL Injection in JEvents Joomla Component
• CVE-2015-7338 SQL Injection in AcyMailing Joomla Component
• CVE-2015-7341 Bypass File Upload Restriction in JNews Joomla Component
• CVE-2015-7343 Reflected Cross-Site Scripting in JNews Joomla Component
• CVE-2015-7339 Bypass File Upload Restriction in JCE Joomla Component
• CVE-2015-7344 Cross-Site Scripting in HikaShop Joomla Component
• CVE-2015-7349 - Reflected cross-site scripting vulnerability in DIGIPASS authentication for Citrix Web Interface
• CVE-2015-3784 Apple iOS Office Viewer XXE vulnerability
• CVE-2014-4925 HTML injection in Good For Enterprise Android
• CVE-2014-1635 Belkin N750 Buffer Overflow
• CVE-2014-1634 - SQL Injection in Advanced Newsletter Magento extension
• CVE-2013-3319 - SAP Host Agent Information Disclosure

Latest Advisories

• CVE-2025-48953 - Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
• CVE-2025-3760 - Stored Cross-Site Scripting in Liferay Portal and Liferay DXP
• CVE-2024-28627 - Password protection bypass with javascript tampering
• CVE-2024-25697 - Cross-site Scripting vulnerability in Portal for ArcGIS
• CVE-2024-0396 - Missing Server-Side Input Validation leads to computational errors and potential denial of service in Progress MOVEit Transfer

Latest Articles

• The Curious Case of Apple iOS IKEv2 VPN On Demand
• Gmail Android app insecure Network Security Configuration.
• Reviewing Android Webviews fileAccess attack vectors.
• Droidstat-X, Android Applications Security Analyser Xmind Generator
• Uber Hacking: How we found out who you are, where you are and where you went!