14 matches found
CVE-2017-12677
IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response...
CVE-2025-12677
creationtimestamp| type| source ---|---|--- 2025-11-05 09:37:06+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4uqqihggap2...
WordPress KiotViet Sync plugin <= 1.8.5 - Unauthenticated Webhook Key Exposure vulnerability
Unauthenticated Webhook Key Exposure vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions = 1.8.5...
CVE-2024-12677
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code...
CVE-2024-12677
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code...
CVE-2024-12677 Delta Electronics DTM Soft Deserialization of Untrusted Data
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code...
CVE-2024-12677 Delta Electronics DTM Soft Deserialization of Untrusted Data
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code...
CVE-2020-12677
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...
CVE-2020-12677
CVE-2020-12677 affects Progress MOVEit Automation Web Admin. An endpoint fails to sanitize input, enabling XSS that could let an unauthenticated attacker execute arbitrary code in a victim’s browser. Affected versions include 2018.0 before 2018.0.3; 2018 SP1–SP2 before 2018.2.3–2018.3.7; 2019.0 b...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12677. Reason: This candidate is a reservation duplicate of CVE-2020-12677. Notes: All CVE users should reference CVE-2020-12677 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2020-12678
CVE-2020-12678 entry is rejected/not used per the initial description.
CVE-2019-12677
Cisco ASA SSL VPN DoS (CVE-2019-12677) arises from improper handling of Base64-encoded strings. An authenticated, remote attacker can open numerous SSL VPN sessions to exhaust memory, preventing new SSL/TLS sessions. Recovered only by device reload; established sessions and traffic through the de...
CVE-2017-12677
IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response...
CVE-2017-12677
IdentityServer3 versions 2.4.x, 2.5.x, and 2.6.x prior to 2.6.1 are affected by a cross-site scripting (XSS) vulnerability on the authorize response page due to an Angular expression. This could allow remote attackers to obtain sensitive information about the IdentityServer authorization response...