Security Findings

An improper access check in Joomla's webservice endpoints allows unauthorized users to access sensitive information. This vulnerability can potentially lead to data exposure and unauthorized actions within the system. It is crucial for users to update their Joomla installations to mitigate this risk.

A SQL injection vulnerability has been identified in the Joomla! core, specifically in the articles webservice endpoint of the com_content component. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access. Users are advised to update their Joomla! installations to mitigate this risk.

ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to a Stored XSS vulnerability in the Public Folders report. This issue could allow an attacker to inject malicious scripts into the application, potentially compromising user data and session integrity.

ManageEngine Exchange Reporter Plus versions 5723 and below are affected by a stored XSS vulnerability in the Folder Message Count and Size report. This vulnerability could allow an attacker to execute malicious scripts in the context of the user's session. Users are advised to review the advisory for mitigation steps.

ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to a Stored XSS vulnerability in the Mails Deleted or Moved report. This issue could allow an attacker to execute arbitrary scripts in the context of the user's session, potentially compromising sensitive information.

ManageEngine Exchange Reporter Plus versions prior to 5723 are affected by a Stored Cross Site Scripting (XSS) vulnerability in the reports module. This vulnerability allows an attacker to inject malicious scripts into the reports, which can be executed in the context of other users' sessions.

ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to a Stored Cross Site Scripting (XSS) issue in the Instant Search option. This vulnerability could allow an attacker to inject malicious scripts into the application, potentially compromising user data and session integrity.

ManageEngine Exchange Reporter Plus is vulnerable to a Regular expression Denial of Service (ReDoS) attack in its search module. This vulnerability can be exploited by authenticated users, potentially leading to service disruption. Users are advised to review the provided advisory for mitigation steps.

Astro, a web framework, has a vulnerability in its image proxy feature that allows attackers to bypass domain validation. This can lead to server-side request forgery (SSRF) and potentially cross-site scripting (XSS). The issue affects versions 5.13.4 to 5.13.9 and is fixed in version 5.13.10.

ManageEngine Applications Manager versions 176800 and below are affected by an information disclosure vulnerability in the File/Directory monitor. This issue can expose sensitive information when the content check feature is enabled. Users are advised to upgrade to version 176701 or 176900 and above to mitigate this risk.

ManageEngine Applications Manager versions 176600 and prior are vulnerable to a stored cross-site scripting (XSS) issue in the File/Directory monitor. This vulnerability could allow an attacker to inject malicious scripts into the application, affecting users who access the compromised content. Users are advised to upgrade to version 176700 or later to mitigate this risk.

ManageEngine Exchange Reporter Plus versions 5722 and below are vulnerable to a Stored XSS attack in the Folder-wise read mails with subject report feature. This vulnerability could allow an attacker to inject malicious scripts that may be executed in the context of the user's session.

ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to a remote code execution (RCE) flaw in the Content Search module. This vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to unauthorized access and control.

A stored XSS vulnerability in Flarum allows attackers to inject malicious HTML through discussion titles, leading to potential account takeover. This issue affects all Flarum installations from version 1.5.0 to 1.6.1. Users are advised to upgrade to version 1.6.2 to mitigate the risk.

Cyclos versions prior to 4.14.15 are vulnerable to a remote code execution (RCE) attack. This vulnerability allows an attacker to execute arbitrary code on the server, potentially compromising sensitive data and system integrity.

An integer overflow vulnerability in Cesanta Mongoose version 6.16 can be exploited by an attacker to trigger a remote denial of service (DoS) condition, potentially leading to an infinite loop or an out-of-bounds write. This issue arises from the handling of crafted MQTT protocol packets.

The D-Link DNS-320 ShareCenter versions up to 2.05.B10 are vulnerable to unauthenticated remote code execution due to a flaw in the login_mgr.cgi script. This vulnerability allows attackers to execute arbitrary commands on the device without authentication, posing a significant security risk.

Trape 2.0 has vulnerabilities related to SQL injection (SQLi) and stored cross-site scripting (XSS). These flaws allow attackers to execute arbitrary SQL commands and inject malicious scripts, potentially compromising user data and application integrity.

Multiple cross-site scripting (XSS) vulnerabilities have been identified in i-Librarian version 4.10. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through various parameters, potentially compromising user data and application integrity.

A path traversal vulnerability in the serve npm package version 7.0.1 allows attackers to read the contents of arbitrary files on the remote server. This can lead to unauthorized access to sensitive information stored on the server.