18 matches found

CVE
added 2026/03/25 12:0 a.m. | 3 views

CVE-2025-59706

The CVE affects N2W prior to 4.3.2 and 4.4.0 prior to 4.4.1, where improper validation of API request parameters enables remote code execution. Root cause: parameter validation weakness in API handling. Impact: potential RCE with high severity. Mitigation: upgrade to a fixed release (N2W 4.3.2+ a...

CVSS 9.8 | AI score 6.1 | EPSS 0.00321
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2026/03/16 3:30 p.m. | 3 views

EUVD-2015-9421

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

CVSS 8.8 | AI score 6 | EPSS 0.00492
Exploits 1 | References 4
Positive Technologies
added 2026/03/16 12:0 a.m. | 2 views

PT-2026-25723

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

CVSS 8.8 | AI score 6 | EPSS 0.00492
Exploits 1 | References 4
NVD
added 2026/03/06 8:16 a.m. | 3 views

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVSS 9.4 | EPSS 0.00094
Exploits 0 | References 6
Cvelist
added 2026/03/06 7:54 a.m. | 31 views

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVSS 9.4 | EPSS 0.00094
Exploits 0 | References 6
Vulnrichment
added 2026/03/06 7:54 a.m. | 2 views

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVSS 9.4 | AI score 5.8 | EPSS 0.00094
Exploits 0 | References 6
Positive Technologies
added 2026/03/06 12:0 a.m. | 1 view

PT-2026-23659

Name of the Vulnerable Software and Affected Versions: CROWN versions: affected versions not specified. Description: An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing...

CVSS 9.4 | AI score 5.8 | EPSS 0.00094
Exploits 0 | References 14
RedhatCVE
added 2026/01/09 9:2 a.m. | 3 views

CVE-2023-25911

The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters...

CVSS 9.9 | AI score 9.4 | EPSS 0.00657
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2006-1851

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00391
Exploits 0 | References 4
NVD
added 2025/09/09 2:15 a.m. | 2 views

CVE-2025-42918

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

CVSS 4.3 | EPSS 0.00051
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 12:33 a.m. | 3 views

CVE-2022-48324

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) pesquisa, (2) data, (3) data2, (4) nome, (5) descricao, (6) idDocumentos, (7) id in file application/controllers/Arquivos.php; (8) senha, (9) nomeCliente, (10) contato, 1...

CVSS 6.1 | AI score 6.7 | EPSS 0.00975
Exploits 1 | References 1
OSV
added 2023/02/16 9:15 p.m. | 15 views

CVE-2022-48326

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico...

CVSS 6.1 | AI score 6.4
Exploits 0 | References 3
Vulnrichment
added 2023/02/16 12:0 a.m. | 7 views

CVE-2022-48326

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico...

AI score 6.4 | EPSS 0.00975
Exploits 1 | References 3
Snyk
added 2022/05/14 2:46 a.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via multiple parameters such as setName, webappType, httpPort, dsName, description, phase, and url in different JSP pages. An attacker can inject arbitrary web script or HTML by sending crafted input to these...

CVSS 6.1 | AI score 5.7 | EPSS 0.04338
Exploits 5 | References 2
Veracode
added 2019/07/22 2:28 a.m. | 10 views

Cross-Site Scripting (XSS)

ovidentia/ovidentia is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser through multiple parameters within the application...

CVSS 5.4 | AI score 5.4 | EPSS 0.00768
Exploits 5 | References 2 | Affected Software 1
NVD
added 2018/06/29 2:29 p.m. | 11 views

CVE-2018-13001

An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...

CVSS 6.1 | AI score 6.2 | EPSS 0.00223
Exploits 3 | References 1
Prion
added 2018/06/29 2:29 p.m. | 11 views

Design/Logic Flaw

An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...

CVSS 4.3 | AI score 6 | EPSS 0.00223
Exploits 3 | References 1
Prion
added 2016/10/06 10:59 a.m. | 17 views

Code injection

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872...

CVSS 9 | AI score 7.6 | EPSS 0.69656
Exploits 8 | References 7 | Affected Software 1