227 matches found
CVE-2025-4526
A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted ear...
CVE-2025-4526 Dígitro NGC Explorer Configuration missing password field masking
A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is...
CVE-2025-4526 Dígitro NGC Explorer Configuration missing password field masking
A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is...
CVE-2025-4526
CVE-2025-4526 affects Dígitro NGC Explorer 3.44.15, specifically the Configuration Page. The issue is that the password field is not masked, exposing passwords in the UI. The vulnerability can be initiated remotely, per multiple sources, with vendor contact noted but no response. Impact is descri...
PT-2025-20647 · Unknown · Dígitro Ngc Explorer
Name of the Vulnerable Software and Affected Versions: Dígitro NGC Explorer version 3.44.15 Description: A problematic issue was found in the Configuration Page component, leading to missing password field masking. This issue can be initiated remotely. The vendor was contacted about this disclosu...
Wiesemann & Theis Web-IO 跨站脚本漏洞
Wiesemann & Theis Web-IO is a Wiesemann & Theis component for small to medium-sized remote IO and monitoring applications over TCP/IP Ethernet. A cross-site scripting vulnerability exists in Wiesemann & Theis Web-IO that originates from a configuration web page where multiple fields can be inject...
UBUNTU-CVE-2023-53120
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix config page DMA memory leak A fix for: DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device count=1...
BIT-JOOMLA-2020-35611 [20201102] - Core - Disclosure of secrets in Global Configuration page
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values...
CVE-2025-27574
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only...
CVE-2025-27567
Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from t...
CVE-2025-27574
CVE-2025-27574: A stored cross-site scripting (XSS) flaw in the USB storage file-sharing function affects HGW-BL1500HM versions 002.002.003 and earlier. Exploitation could cause arbitrary script execution in the web browser of the user interfacing with the configuration page or LAN-accessible UI....
CVE-2025-27574
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only...
CVE-2025-27567
HGW-BL1500HM (KDDI) contains a stored cross-site scripting (CWE-79) vulnerability in the NickName registration screen for Ver 002.002.003 and earlier. If exploited, an arbitrary script may be executed in the web browser of the user using the configuration page or functions accessible from the LAN...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from mishandling of an exception that results in the disclosure of credentials on the cloud...
CVE-2021-4360
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access...
CVE-2025-24320
A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a SCSI mpi3mr driver that may result in a corrupted configuration page when the PHY is quickly...
CVE-2024-52701
A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
CVE-2024-52701
A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
PT-2024-35414 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 14.5.0 Description: A stored cross-site scripting XSS issue in the Configuration page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter. This could potential...