13 matches found
CVE-2026-0512
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...
CVE-2021-47924 WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price
Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...
AZL-74778 CVE-2026-0992 affecting package libxml2 for versions less than 2.10.4-10
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...
CVE-2025-49331
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through = 3.4.3...
PT-2024-7007 · Oracle · Oracle Product Hub +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a vulnerability in the Item Catalog component of Oracle Product Hub, which can be exploited by a low-privileged attacker with network access via HTTP...
The vulnerability of the /v2/_catalog component of the Red Hat OpenShift Container Platform allows an attacker to trigger a service failure.
The vulnerability of the /v2/catalog component of the Red Hat OpenShift Container Platform relates to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
art-catalog.ru Cross Site Scripting vulnerability OBB-3035124
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the Apache Directory Studio platform for working with catalogs lies in the lack of protection for operational data, which allows attackers to disclose protected information.
The vulnerability of the Apache Directory Studio platform for catalog management lies in the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
Sitecore CRM Catalog Traversal Vulnerability
Sitecore CRM is a suite of customer relationship management solutions from Sitecore Denmark. A target traversal vulnerability exists in Sitecore CRM version 8.1 Rev 151207. A remote attacker can exploit this vulnerability to conduct a directory traversal attack and read arbitrary files...
tigres.ua XSS vulnerability
Vulnerable URL: http://tigres.ua/warehouse/catalogue/tigres/toys/mild/xxl-size/?search=xx' onmouseover='alert/XSSPOSED/' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4692412 Goog...
SQL injection
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646...
Full Disclosure: Windows File Protection Old Security Catalog Vulnerability
SECURITY ALERT Windows File Protection Old Security Catalog Vulnerability December 26, 2002 Full Disclosure, [email protected] and others August 26, 2002 Private Disclosure, Microsoft Press and others Jason Coombs...
Security Update: [CSSA-2002-SCO.3] UnixWare 7: message catalog environment variable vulnerability
To: [email protected] [email protected] [email protected] Caldera International, Inc. Security Advisory Subject: UnixWare 7: message catalog environment variable vulnerability Advisory number: CSSA-2002-SCO.3 Issue date: 2002 February 7 Cross reference: 1. Problem Descripti...