1052 matches found
CVE-2024-8531
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root...
Important: Red Hat Security Advisory: tuned security update
An update for tuned is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: tuned security update
An update for tuned is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : tuned (RHSA-2025:0880)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0880 advisory. The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: improper sanitizatio...
UBUNTU-CVE-2024-55228
A cross-site scripting XSS vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter...
CVE-2024-55227
A cross-site scripting XSS vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter...
CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido
Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...
CVE-2024-57772
A cross-site scripting XSS vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...
CVE-2024-57774
A cross-site scripting XSS vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57772
A cross-site scripting XSS vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-22996
A stored cross-site scripting XSS vulnerability in the spftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...
CVE-2024-41453
A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...
CVE-2024-56377
A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
CVE-2024-56376
A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web...
CVE-2024-42898
A cross-site scripting XSS vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page...
Grav Cross-site Scripting vulnerability
A cross-site scripting XSS vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-35498
A cross-site scripting XSS vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-35498
CVE-2024-35498 targets Grav CMS v1.7.45 with a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web scripts or HTML via a crafted payload. Affected component: Grav CMS ( Grav v1.7.45 ); vulnerability type: XSS. Impact is limited to web scripting/HTML execution...
CVE-2024-10453
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes...