6.9

CVSS4.0

CVE-2020-36888 - SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing th…

📅 Published: Dec. 10, 2025, 8:51 p.m. 🔄 Last Modified: Dec. 10, 2025, 8:51 p.m.

8.7

CVSS4.0

CVE-2020-36887 - SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.

📅 Published: Dec. 10, 2025, 8:49 p.m. 🔄 Last Modified: Dec. 10, 2025, 8:50 p.m.

6.9

CVSS4.0

CVE-2020-36886 - SpinetiX Fusion Digital Signage 3.4.8 Cross-Site Request Forgery via User Creation

SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full s…

📅 Published: Dec. 10, 2025, 8:48 p.m. 🔄 Last Modified: Dec. 10, 2025, 8:48 p.m.

9.3

CVSS4.0

CVE-2020-36885 - Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, poten…

📅 Published: Dec. 10, 2025, 8:48 p.m. 🔄 Last Modified: Dec. 10, 2025, 8:48 p.m.

6.9

CVSS4.0

CVE-2020-36884 - BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and earlier contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing…

📅 Published: Dec. 10, 2025, 8:47 p.m. 🔄 Last Modified: Dec. 10, 2025, 8:47 p.m.

8.8

CVSS4.0

CVE-2020-36883 - SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations

SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to a…

📅 Published: Dec. 10, 2025, 8:47 p.m. 🔄 Last Modified: Dec. 10, 2025, 8:47 p.m.

5.3

CVSS3.1

CVE-2025-62181 - Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where durin…

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated …

📅 Published: Dec. 10, 2025, 8:41 p.m. 🔄 Last Modified: Dec. 10, 2025, 8:41 p.m.

9.4

CVSS4.0

CVE-2025-65950 - WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively bypassin…

📅 Published: Dec. 10, 2025, 8:39 p.m. 🔄 Last Modified: Dec. 10, 2025, 9:24 p.m.

7.8

CVSS3.1

CVE-2025-67460 - Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.

📅 Published: Dec. 10, 2025, 8:37 p.m. 🔄 Last Modified: Dec. 10, 2025, 9:26 p.m.

5

CVSS3.1

CVE-2025-67461 - Zoom Rooms for macOS - External Control of File Name or Path

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.

📅 Published: Dec. 10, 2025, 8:29 p.m. 🔄 Last Modified: Dec. 10, 2025, 9:27 p.m.