11 matches found
CVE-2026-45227
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...
Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-45227)
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'dns.0.server' parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2023-45227
creationtimestamp| type| source
---|---|---
2024-02-06 23:31:29+00:00| seen| https://t.me/ctinow/180400
2024-02-17 13:41:31+00:00| seen| https://t.me/ctinow/186920...
CVE-2023-45227
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2023-45227
Westermo Lynx 206-F2G (WeOS) CVE-2023-45227 is a Cross-Site Scripting vulnerability due to improper input neutralization in the web page generation for the dns.0.server parameter (CWE-79). An attacker with access to the vulnerable web application could inject arbitrary JavaScript, with the issue ...
CVE-2023-45227 Westermo Lynx Cross-site Scripting
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2023-45227 Westermo Lynx Cross-site Scripting
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2022-45227
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication...
CVE-2022-45227
Dragino Lora LG01 IoT v4.3.4 web portal exposes a directory listing at /lib/ containing a backup file that can be downloaded without authentication. This leads to potential unauthorized exposure of sensitive data (confidentiality impact). The CVE entry notes high confidentiality impact with netwo...
CVE-2021-45227
creationtimestamp| type| source
---|---|---
2022-04-14 18:19:05+00:00| seen| https://t.me/cibsecurity/40778...
CVE-2021-45227
COINS Construction Cloud 11.12 contains a persistent Cross-Site Scripting (XSS) flaw in the file upload flow due to inappropriate handling of HTML IFRAME elements. Root cause: improper IFRAME usage during uploads enables script persistence. Impact is documented as client-side compromise; CVSS sco...