222 matches found

CNNVD
added 2026/05/13 12:0 a.m., 4 views

quark-auto-save cross-site scripting vulnerability

Quark-auto-save is a personal development tool by Cp0204, designed for automatic transfer of data to a Quark Network drive and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the v-html...

CVSS 5.4, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 1

Cvelist
added 2026/04/25 9:15 p.m., 29 views

CVE-2026-7001 Datacom DM4100 Ethernet Configuration cross site scripting

A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public...

CVSS 4.8, EPSS 0.0001
Exploits: 0, References: 3

EUVD
added 2026/04/25 9:15 p.m., 1 view

EUVD-2026-25678

A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public...

CVSS 4.8, AI score 3.4, EPSS 0.0001
Exploits: 0, References: 3

Positive Technologies
added 2026/04/25 12:0 a.m., 3 views

PT-2026-35176

A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public...

CVSS 4.8, AI score 3.3, EPSS 0.0001
Exploits: 0, References: 4

CVE
added 2026/02/18 9:55 p.m., 5 views

CVE-2019-25401

Bematech MP-4200 TH printer (formerly Logic Controls, now Elgin) has a denial-of-service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the web service, causing DoS. CVSS metrics are provided: ...

CVSS 8.7, AI score 5.6, EPSS 0.00151
Exploits: 0, References: 4

Cvelist
added 2026/02/18 9:55 p.m., 22 views

CVE-2019-25401 Bematech Printer MP-4200 TH Denial of Service

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service...

CVSS 8.7, EPSS 0.00151
Exploits: 0, References: 4

CVE
added 2026/02/18 9:55 p.m., 8 views

CVE-2019-25356

CVE-2019-25356 affects Bematech MP-4200 TH printer (formerly Logic Controls, now Elgin). The admin configuration page is vulnerable to cross-site scripting via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in an authenticated user...

CVSS 6.1, AI score 5.5, EPSS 0.00015
Exploits: 0, References: 4

ATTACKERKB
added 2026/02/18 9:55 p.m., 3 views

CVE-2019-25356

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript...

CVSS 6.1, AI score 5.9, EPSS 0.00015
Exploits: 0, References: 4

NVD
added 2026/02/16 6:19 p.m., 3 views

CVE-2019-25378

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POS...

CVSS 6.1, EPSS 0.00042
Exploits: 1, References: 3

CVE
added 2026/02/16 5:4 p.m., 7 views

CVE-2019-25378

CVE-2019-25378 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, via the proxy.cgi endpoint. The vulnerability allows cross-site scripting by injecting payloads through parameters such as CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST re...

CVSS 6.1, AI score 5.5, EPSS 0.00042
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/16 5:4 p.m., 2 views

CVE-2019-25378 Smoothwall Express 3.1 'proxy.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POS...

CVSS 6.1, AI score 5.5, EPSS 0.00042
Exploits: 1, References: 3

OSV
added 2026/02/16 2:16 a.m., 1 view

CVE-2026-2529

A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist results in command injection. The attack can be executed remotely. The vendor was contacted ear...

CVSS 9.8, AI score 5.6
Exploits: 0, References: 4

OSV
added 2026/02/09 4:16 p.m., 0 views

UBUNTU-CVE-2026-24095

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permissio...

CVSS 5.3, AI score 5.8, EPSS 0.00058
Exploits: 0, References: 3

Vulnrichment
added 2026/02/09 3:29 p.m., 3 views

CVE-2026-24095 Missing Permission Check on Analyze Configuration Page

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permissio...

CVSS 5.3, AI score 5.6, EPSS 0.00058
Exploits: 0, References: 1

CVE
added 2026/02/09 3:29 p.m., 7 views

CVE-2026-24095

CVE-2026-24095 affects Checkmk: improper permission enforcement allows users with the "Use WATO" permission to directly access the "Analyze configuration" page, bypassing "Access analyze configuration". If such users also hold "Make changes, perform actions", they can disable checks or acknowledge result...

CVSS 5.3, AI score 5.6, EPSS 0.00058
Exploits: 0, References: 1

NVD
added 2026/02/04 3:16 p.m., 1 view

CVE-2026-20732

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 4.3, EPSS 0.00064
Exploits: 0, References: 1

OSV
added 2026/02/04 3:16 p.m., 0 views

CVE-2026-20732

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1

Positive Technologies
added 2026/02/04 12:0 a.m., 2 views

PT-2026-6086

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP (affected versions not specified). Description: An issue exists in an undisclosed BIG-IP Configuration utility page that could allow an attacker to spoof error messages. Recommendations: At the moment, there is no information about a newe...

CVSS 3.1, AI score 5.4, EPSS 0.00064
Exploits: 0, References: 4

RedhatCVE
added 2026/01/27 9:23 p.m., 6 views

CVE-2020-36956

Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing th...

CVSS 6.4, AI score 6, EPSS 0.00017
Exploits: 0, References: 1

OSV
added 2026/01/26 6:16 p.m., 0 views

CVE-2020-36956

Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing th...

CVSS 6.4, AI score 5.9
Exploits: 0, References: 4