25 matches found
CVE-2026-48999
Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser. Attackers can thereby steal user cookies, hijack session...
ZTE ZXUniPOS NDS-LTE Security Vulnerability
ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability. This vulnerability arises from attackers carefully constructing malicious scripts and injecting them into target systems. When other users access pages...
Improper Verification of Cryptographic Signature
Overview: github.com/russellhaering/goxmldsig is an XML Digital Signatures implementation in pure Go. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the validateSignature function in the validate.go file. An attacker can bypass integrity...
SUSE CVE-2025-69263
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies and git-hosted tarballs in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package...
CVE-2025-69263
CVE-2025-69263 affects the pnpm package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without an integrity hash, enabling a remote server to serve different content on each install. An attacker publishing a package with an HTTP tarba...
WordPress plugin Structured Content Cross-Site Scripting Vulnerability
WordPress structured content is a technology that improves search result display and click-through rates by optimizing the semantic markup of web page elements (e.g., titles, descriptions, images) to enhance search engine understanding of page content. A cross-site scripting vulnerability exists ...
WordPress JetPopup Cross-Site Scripting Vulnerability
WordPress JetPopup is an Elementor plugin designed for WordPress, which is mainly used to create various popups (e.g., subscription forms, offer banners) and supports a variety of triggers and template customization. WordPress JetPopup suffers from a cross-site scripting vulnerability that...
WordPress plugin JetTabs Cross-Site Scripting Vulnerability
WordPress JetTabs is a plugin for the Elementor page builder, mainly used to add stylish tabs and tab functionality to WordPress websites; it supports building rich content and customizing styles through Elementor widgets. WordPress JetTabs suffers from a cross-site scripting vulnerability that stems...
WordPress GC Social Wall Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress GC Social Wall, which stems from insufficient input cleanup and output escaping, and can be exploited by an attacke...
WordPress plugin GC Social Wall Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress GC Social Wall, which stems from insufficient input cleanup and output escaping, and can be exploited by an attacke...
perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability
A flaw was found in App::cpanminus cpanm through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if th...
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the...
Siemens XHQ Cross-Site Scripting Vulnerability
Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A cross-site scripting vulnerability exists in Siemens XHQ version...
PT-2020-4827 · Microsoft · Azure Devops Server +1
Name of the Vulnerable Software and Affected Versions: Azure DevOps Server and Team Foundation Services (affected versions not specified). Description: The issue is related to a spoofing vulnerability in the Team Foundation Services component of Azure DevOps Server, where the user interface can be...
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers ...
MetInfo HTML Injection Vulnerability
MetInfo is a CMS site-building system built on a PHP + MySQL architecture; it is very SEO-friendly, full-featured, supports multiple languages and responsive display, and is well suited to business and corporate website construction. MetInfo has an HTML injection vulnerability that stems from failure t...
Moodle HTML Code Injection Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. Moodle suffers from an HTML code injection vulnerability that stems from a failure to...
Microsoft Edge UXSS - the adventure of the endless world - vulnerability warning - the black bar safety net
Today we will look together at some design problems in Microsoft Edge; when these issues are combined, they form a universal cross-site scripting (UXSS) attack. If you want to figure out this vulnerability, but you're just not a security researcher, you can try so...
Infoblox Network Automation HTTP Response Splitting Vulnerability
Infoblox Network Automation is a suite of automated network configuration and change management software from Infoblox USA. An HTTP response splitting vulnerability exists in Infoblox Network Automation versions 7.0.1 and 6.9.2, which can be exploited by an attacker to affect or tamper with web...