15 matches found
CVE-2026-34354
creationtimestamp | type | source
---|---|---
2026-05-08 16:04:56+00:00 | seen | https://bsky.app/profile/pigondrugs.bsky.social/post/3mle4bha7b72e
2026-05-09 19:54:24+00:00 | seen | https://bsky.app/profile/buherator.bsky.social/post/3mlgzkpanzm2z...
CVE-2024-34354
CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is that the user JWT token is not verified on the server session. You should take the patch...
CVE-2024-34354
CMSaaSStarter JWT token not verified on server session affects forks prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6. Affected software: CMSaaSStarter templates, built with SvelteKit/Tailwind/Supabase. Root cause: user JWT token not validated on the server session. Remediation: apply pat...
CVE-2023-34354
creationtimestamp | type | source
---|---|---
2023-10-11 20:17:55+00:00 | seen | https://t.me/cibsecurity/72125...
CVE-2023-34354
The TALOS advisory (TALOS-2023-1781) confirms a stored cross-site scripting (XSS) vulnerability in Peplink Surf SOHO HW1 v6.3.5 (QEMU). The issue resides in the upload_brand.cgi handler, where an authenticated user can trigger arbitrary JavaScript execution in another user’s browser via a crafted...
CVE-2023-34354
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of Peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary JavaScript in another user's browser. An attacker can make an authenticated HTTP request to...
CVE-2022-34354
creationtimestamp | type | source
---|---|---
2022-11-17 15:52:56+00:00 | seen | https://t.me/cibsecurity/53040...
CVE-2022-34354
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...
CVE-2022-34354
Affected product: IBM Sterling Partner Engagement Manager 2.0. The vulnerability is an information disclosure where encrypted client data stored locally can be read by another user on the same system. Root cause: inadequate protection of locally stored data leading to exposure. Impact: confidenti...
CVE-2022-34354 IBM Sterling Partner Engagement Manager information disclosure
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...
CVE-2022-34354 IBM Sterling Partner Engagement Manager information disclosure
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...
CVE-2021-34354 Stored Cross-site Scripting Vulnerability in Photo Station
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18...
CVE-2021-34354
CVE-2021-34354 affects QNAP Photo Station versions before 6.0.18; it is a stored XSS vulnerability that allows remote attackers to inject malicious code. Affected product: QNAP Photo Station. Root cause: cross-site scripting in the application (exact vulnerable component/fi...
CVE-2025-34354
This CVE entry is rejected/not used and does not represent an active vulnerability.
CVE-2025-34354
...