137 matches found
CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
Injection
Overview Affected versions of this package are vulnerable to Injection via the REST Authenticate Endpoint in the Y9PlatformUtil.java file. An attacker can access, modify, or disrupt sensitive data by sending specially crafted requests to the affected endpoint. Remediation There is no fixed versio...
CVE-2026-1050
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
Digital-infrastructure SQL injection vulnerabilities
Digital-Infrastructure is an open-source management platform developed by Risesoft. Versions of Digital-Infrastructure 9.6.7 and earlier contain a SQL injection vulnerability. This vulnerability stems from incorrect operations on the component REST Authenticate Endpoint located in the file...
PT-2026-3745
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
CVE-2025-67090
The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...
PT-2026-1871
Name of the Vulnerable Software and Affected Versions GL.Inet AX1800 versions 4.6.4 through 4.6.8 Description The LuCI web interface on GL.Inet AX1800 devices lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. This allows an unauthenticated attacker on...
CVE-2025-67090
GL.iNet AX1800 devices running firmware 4.6.4 or 4.6.8 are affected by CVE-2025-67090 due to lack of rate limiting or account lockout on the LuCI authentication endpoint (/cgi-bin/luci). This allows an unauthenticated attacker on the local network to perform unlimited password attempts against th...
CVE-2025-15106
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
EUVD-2025-205474
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
CVE-2025-15106
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
CVE-2025-15106
The CVE-2025-15106 vulnerability affects the getmaxun project’s Authentication Endpoint, specifically the router.get in file server/src/routes/auth.ts. The underlying issue is improper authorization caused by manipulation of router.get, with remote exploit potential and a publicly available explo...
CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
PT-2025-53618
Name of the Vulnerable Software and Affected Versions getmaxun versions prior to 0.0.28 Description A weakness exists in the Authentication Endpoint component of getmaxun. Specifically, the router.get function within the server/src/routes/auth.ts file is susceptible to improper authorization due ...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the \authentication\ file. An attacker can inject and execute arbitrary scripts by submitting crafted input to the affected endpoint. Details Cross-site scripting or XSS is a code vulnerability that occurs...
Exploit for CVE-2025-65899
CVE-2025-65899: Kalmia CMS v0.2.0 - is vulnerable to Observab...