5 matches found
CVE-2026-36460
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to Cross-Site Scripting (XSS). The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
CVE-2024-39020
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiDatadeal.php?mudi=rev=close...
CVE-2024-39021
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiDatadeal.php?mudi=del...
CVE-2022-35919 Authenticated requests for server update admin API allow path traversal in MinIO
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that, in response, returns the content of the path requested. Any normal OS system would allow...
PT-2019-16904 · IBM · IBM WebSphere eXtreme Scale
Name of the Vulnerable Software and Affected Versions: IBM WebSphere eXtreme Scale version 8.6
Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This...