35 matches found

Snyk
added 2026/05/12 9:20 p.m., 11 views

Out-of-bounds Read

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Out-of-bounds Read in the input validation process. An attacker can gain unauthorized write access by tricking a user with high privileges into visiting a maliciously craft...

CVSS 5.1, AI score 5.8, EPSS 0.00373
Exploits 0, References 2
EUVD
added 2026/05/08 10:38 p.m., 12 views

EUVD-2026-28851

Vim is an open-source, command-line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL, e.g. one using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

CVSS 4.4, AI score 6, EPSS 0.00774
Exploits 0, References 3
NVD
added 2026/05/06 5:16 p.m., 10 views

CVE-2026-20189

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...

CVSS 4.3, EPSS 0.00214
Exploits 0, References 1
CVE
added 2026/04/01 12:00 a.m., 8 views

CVE-2026-30526

CVE-2026-30526 affects SourceCodester Zoo Management System v1.0. The vulnerability is located on the login page in the msg parameter, where user-supplied content is echoed back without proper HTML encoding/sanitization, enabling a reflected XSS via a crafted URL. The connected documents confirm ...

CVSS 6.1, AI score 6, EPSS 0.00252
Exploits 1, References 1, Affected Software 1
NVD
added 2026/03/27 6:16 p.m., 13 views

CVE-2026-30567

A reflected cross-site scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS 6.1, EPSS 0.00271
Exploits 1, References 1
NVD
added 2026/02/18 2:16 p.m., 5 views

CVE-2026-1439

Reflected cross-site scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 6.1, EPSS 0.00178
Exploits 0, References 1
RedhatCVE
added 2026/01/21 3:27 p.m., 5 views

CVE-2025-57787

A reflected cross-site scripting (XSS) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1, AI score 5.6, EPSS 0.0026
Exploits 1, References 1
NVD
added 2026/01/20 3:17 p.m., 11 views

CVE-2025-58080

A reflected cross-site scripting (XSS) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1, EPSS 0.00235
Exploits 1, References 2
Vulnrichment
added 2026/01/20 2:50 p.m., 2 views

CVE-2025-53516

A reflected cross-site scripting (XSS) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1, AI score 5.6, EPSS 0.00317
Exploits 1, References 1
Cvelist
added 2026/01/20 2:49 p.m., 13 views

CVE-2025-54861

A reflected cross-site scripting (XSS) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1, EPSS 0.00235
Exploits 1, References 1
Cvelist
added 2026/01/20 2:49 p.m., 15 views

CVE-2025-57787

A reflected cross-site scripting (XSS) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1, EPSS 0.0026
Exploits 1, References 1
Positive Technologies
added 2026/01/20 12:00 a.m., 7 views

PT-2026-3599

Name of the Vulnerable Software and Affected Versions: MedDream PACS Premium version 7.3.6.870. Description: A reflected cross-site scripting (XSS) issue exists in the emailfailedjob functionality. A crafted URL can lead to arbitrary JavaScript code execution. An attacker can provide a malicious URL t...

CVSS 6.1, AI score 6, EPSS 0.00286
Exploits 1, References 4
CVE
added 2025/11/19 9:49 a.m., 10 views

CVE-2025-58412

Fortinet FortiADC products are affected by a vulnerability described as improper neutralization of script-related HTML tags (basic XSS). Affected are FortiADC 8.0.0, 7.6.0–7.6.3, all 7.4 versions, and all 7.2 versions. The issue could let an attacker craft a URL to execute unauthorized code or co...

CVSS 6.1, AI score 7.1, EPSS 0.00146
Exploits 0, References 1, Affected Software 1
CNVD
added 2025/10/13 12:00 a.m., 3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

CVSS 6.1, AI score 6.6, EPSS 0.00181
Exploits 0, References 1
CVE
added 2025/09/08 12:00 a.m., 38 views

CVE-2025-56266

CVE-2025-56266 affects Avigilon ACM v7.10.0.20. The connected nuclei template confirms a Host Header Injection vulnerability that enables arbitrary code execution via a crafted HTTP request (crafted URL). Root cause is host header manipulation affecting request handling in Avigilon ACM, enabling ...

CVSS 9.8, AI score 7.5, EPSS 0.02695
Exploits 1, References 3, Affected Software 1
CNNVD
added 2025/09/02 12:00 a.m., 4 views

Gunosy Security Vulnerability

Gunosy is a news and information application from the Japanese company Gunosy. Gunosy suffers from a security vulnerability that stems from the disclosure of sensitive information and could lead to the acquisition of a JWT token via a specially crafted URL...

CVSS 5.1, AI score 4.4, EPSS 0.00212
Exploits 0, References 3
Vulnrichment
added 2025/08/12 2:10 a.m., 1 view

CVE-2025-42975 Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...

CVSS 6.1, AI score 6.9, EPSS 0.00234
Exploits 0, References 2
OSV
added 2025/02/05 12:15 a.m., 3 views

CVE-2024-53965

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based cross-site scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...

CVSS 5.4, AI score 6, EPSS 0.00449
Exploits 0, References 1
CNNVD
added 2024/08/06 12:00 a.m., 4 views

School Attendance Monitoring System and School Event Management System Cross-Site Scripting Vulnerability

School Event Management System is a school event management system and School Attendance Monitoring System is a school attendance monitoring system. A cross-site scripting vulnerability exists in School Attendance Monitoring System and School Event Management System version 1.0. An attacker can...

CVSS 7.1, AI score 6.1, EPSS 0.00291
Exploits 0, References 2
CNNVD
added 2024/07/31 12:00 a.m., 2 views

Cato Networks Windows SDP Client Security Vulnerability

Cato Networks Windows SDP Client is a secure remote access software from Cato Networks, Israel. A security vulnerability exists in Cato Networks Windows SDP Client versions prior to 5.10.34, which stems from code that can be remotely executed via a specially crafted URL...

CVSS 8.8, AI score 7, EPSS 0.00757
Exploits 1, References 2