CVE-2026-35203

creationtimestamp| type| source ---|---|--- 2026-04-06 21:21:26+00:00| published-proof-of-concept| Telegram/xKxKUYX0BRejEqYlrURXsjCQY9BctYcoeewNmSMWqY7riM 2026-04-07 05:39:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3miv2ujyo2u27...

CVE-2026-35203 ZLMediaKit VP9 RTP Parser Out-of-Bounds Read

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

MAL-2025-35203 Malicious code in test-mlw2-direr-vodka (npm)

The package test-mlw2-direr-vodka was found to contain malicious code...

CVE-2021-35203

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint...

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...

CVE-2022-35203

creationtimestamp| type| source ---|---|--- 2022-08-23 16:35:37+00:00| seen| https://t.me/cibsecurity/48581...

CVE-2022-35203

An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information...

CVE-2022-35203

CVE-2022-35203 concerns TrendNet TV-IP572PI v1.0 with an access control flaw that allows unauthenticated attackers to access sensitive system information. Root cause: improper access control. Impact: exposure of sensitive system data. Public details indicate exploitation specifics are not provide...

CVE-2022-35203

An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information...

CVE-2021-35203

creationtimestamp| type| source ---|---|--- 2021-09-30 22:13:50+00:00| seen| https://t.me/cibsecurity/29758...

CVE-2021-35203

Netscout nGeniusONE 6.3.0 build 1196 is affected by CVE-2021-35203, a vulnerability that allows Arbitrary File Read through the FDSQueryService endpoint due to incorrect user access control. Exploitation details are not provided in the connected documents; no in‑the‑wild exploit information is ci...

CVE-2020-35203

creationtimestamp| type| source ---|---|--- 2021-01-11 07:45:12+00:00| seen| https://t.me/cibsecurity/21889...

CVE-2020-35203

Consolidated details from connected sources confirm CVE-2020-35203 describes a Reflected XSS in Quest Policy Authority’s Web Compliance Manager (version 8.1.2.200). The vulnerability arises when an attacker crafts a link targeting initFile.jsp with a malicious msg parameter, enabling script injec...

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...