Advisory Articles
Rocket Software TRUfusion Enterprise < 7.10.5 Full Server-Side Request Forgery Through Reverse Proxy Misconfiguration
Feb 16, 2026
Rocket Software TRUfusion Enterprise < 7.10.5 WsPortalV6UpDwAxis2Impl Path Traversal Remote Code Execution
Feb 16, 2026
HashiCorp Consul <= 1.21.5 Event Denial of Service
Nov 2, 2025
HashiCorp Consul <= 1.21.5 KVS Denial of Service
Nov 2, 2025
Rocket Software TRUfusion Enterprise "cobrandingImageName" Unauthenticated Path Traversal
Sep 30, 2025
Rocket Software TRUfusion Enterprise /trufusionPortal/fileupload Unauthenticated Path Traversal and Arbitrary File Write
Sep 30, 2025
Rocket Software TRUfusion Enterprise internal_admin_contact_login.jsp Unauthenticated PII Disclosure
Sep 30, 2025
Rocket Software TRUfusion Enterprise Use of Static Encryption Key to Create Session Cookies
Sep 30, 2025
Wing FTP Server Arbitrary Code Injection in User Session Files Leading to Remote Code Execution
Jun 30, 2025
Wing FTP Server Incorrect Default Permission for FTP Service Account
Jun 30, 2025
Wing FTP Server Local Path Disclosure Through Overlong UID Session Cookie
Jun 30, 2025
Wing FTP Server Arbitrary Link Injection Leading to Cleartext Password Disclosure
Apr 26, 2025
SAP Emarsys SDK for Android <= 3.6.1 Sensitive Data Leak
Apr 10, 2025
FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading
Jun 1, 2023
SecurePoint UTM <= 12.2.5 “spcgi.cgi” Remote Memory Contents Information Disclosure
Apr 12, 2023
SecurePoint UTM <= 12.2.5 “spcgi.cgi” sessionId Information Disclosure Allowing Device Takeover
Apr 11, 2023
Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
Feb 8, 2023
Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
Feb 8, 2023
Intel Data Center Manager <= 5.1 Local Privileges Escalation
Dec 7, 2022
Intel Data Center Manager Console <= 4.1 “getRoomRackData” Authenticated SQL Injection
Dec 1, 2022
Intel Data Center Manager Console <= 4.1.1.45749 “UserMgmtHandler” Authentication Logic Error Leading to Authentication Bypass
Nov 23, 2022
Betheme <= 26.5.1.4 - Authenticated (Contributor+) PHP Object Injection
Nov 18, 2022
BeCustom <= 1.0.5.2 Generic Cross-Site Request Forgery
Nov 10, 2022
Transposh <= 1.0.8.1 “tp_translation” Authorization Bypass
Aug 16, 2022
Transposh <= 1.0.7 “tp_tp” Unauthenticated Reflected Cross-Site Scripting
Jul 22, 2022
Transposh <= 1.0.7 “tp_translation” Unauthenticated Stored Cross-Site
Jul 22, 2022
Transposh <= 1.0.8.1 “save_transposh” Missing Logfile Extension Check Leading to Code Injection
Jul 22, 2022
Transposh <= 1.0.8.1 “tp_editor” Multiple Authenticated SQL Injections
Jul 22, 2022
Transposh <= 1.0.8.1 “tp_history” Unauthenticated Information Disclosure
Jul 22, 2022
Transposh <= 1.0.8.1 “tp_translation” Weak Default Translation Permissions
Jul 22, 2022
Transposh <= 1.0.8.1 Improper Authorization Allowing Access to Administrative Utilities
Jul 22, 2022
Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries
Jul 22, 2022
Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure
Jun 1, 2022
Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure
Jun 1, 2022
User Meta “um_show_uploaded_file” Path Traversal / Local File Enumeration
May 24, 2022
SAP Knowledge Warehouse <= 7.50 “SAPIrExtHelp” Reflected XSS
Mar 17, 2022
God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing
Oct 25, 2020
Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading
Sep 22, 2020
Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF
Sep 14, 2020
o2 Business for Android "canvasm.myo2.SplashActivity" <= 1.2.0 Open Redirect
Jul 1, 2020
MJML <= 4.6.2 mj-include "path" Path Traversal
Jun 14, 2020
SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections
Sep 10, 2019
SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS
Sep 10, 2019
Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting
May 19, 2019
Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection
May 13, 2019
Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions
Dec 20, 2017
Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure
Oct 18, 2017
AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information
Oct 13, 2017
Mattermost <= 3.5.1 /error Cross-Site Scripting
Jan 16, 2017
XenForo ToggleME 3.1.2 "/admin.php?options/list/Add mortoggleME" Multiple Persistent Cross-Site Scriptings
Sep 11, 2016
AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting
Aug 23, 2016
Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting
Jul 11, 2016
Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries
Jul 11, 2016
XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections
May 23, 2016
Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries
May 21, 2016
Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting
May 3, 2016
Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass
Feb 23, 2016
Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
Sep 14, 2015
Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow
Sep 3, 2015
GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
Mar 2, 2014
VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution
Feb 19, 2014
Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution
Feb 13, 2014
Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability
Nov 16, 2013
Kingsoft Office Writer v2012.8.1.0.3385 Buffer Overflow
Nov 1, 2013
Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities
Oct 21, 2013
Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability
Aug 9, 2013
WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference
Jul 1, 2013
WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows
Jul 1, 2013
HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting
Mar 7, 2013
Serva v2.0.0 DNS Server Remote Denial of Service
Jan 14, 2013
Serva v2.0.0 HTTP Server GET Remote Denial of Service
Jan 14, 2013
NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow
Sep 16, 2012
Aoop CMS 0.3.6 SQL Injection / Cross Site Scripting
Aug 24, 2012
Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability
Jun 10, 2012
LAN Messenger v1.2.28 - Denial of Service Vulnerability
Apr 30, 2012
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability
Apr 23, 2012
Crystal Office Suite v1.43 - Buffer Overflow Vulnerability
Apr 12, 2012
FileStream Turbo Browser v11.6 - Buffer Overflow
Apr 10, 2012
AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities
Apr 8, 2012
BulletProof FTP Client 2010 - Buffer Overflow Vulnerability
Apr 2, 2012
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
Mar 29, 2012
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
Mar 8, 2012
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities
Mar 8, 2012
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability
Mar 8, 2012
GPSMapEdit 1.1.73.2 - '.lst' Denial of Service
Mar 1, 2012
Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 Remote Buffer Overflow Vulnerability
Mar 1, 2012
Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability
Feb 27, 2012
DAMN Hash Calculator v1.5.1 Local Heap Overflow PoC
Feb 21, 2012