
50 matches found

EUVD
added yesterday, 5 views

EUVD-2026-38800

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

CVSS 4.6 | AI score 5.9
Exploits: 0 | References: 3
NVD
added yesterday, 7 views

CVE-2026-50704

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

CVSS 4.6
Exploits: 0 | References: 2
Cvelist
added yesterday, 15 views

CVE-2026-50704 Frappe Framework 17.0.0-dev - Reflected/Stored XSS in File View breadcrumbs rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

CVSS 4.6
Exploits: 0 | References: 2
CVE
added yesterday, 9 views

CVE-2026-50704

CVE-2026-50704 affects Frappe Framework 17.0.0-dev. The issue is a Stored XSS caused by improper neutralization of user-controlled input in the File View breadcrumb renderer. The vulnerability could allow an attacker to inject scripts via breadcrumbs, with the potential impact limited to the affe...

CVSS 4.6 | AI score 5.9
Exploits: 0 | References: 2
NVD
added 2026/06/04 4:16 p.m., 11 views

CVE-2026-43984

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

CVSS 8.9 | EPSS 0.00207
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/29 12:00 a.m., 9 views

PT-2026-45040

Summary modules/documents-files.php mode file rename save shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder uuid, but the rename operation acts on fil...

CVSS 6.5 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 3
NVD
added 2026/01/22 12:15 a.m., 6 views

CVE-2026-23887

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially...

CVSS 5.4 | EPSS 0.00246
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/21 11:39 p.m., 2 views

CVE-2026-23887 Group-Office has stored XSS vulnerability via unsanitized filenames

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially...

CVSS 5.1 | AI score 5.5 | EPSS 0.00246
Exploits: 1 | References: 3
EUVD
added 2026/01/21 11:39 p.m., 3 views

EUVD-2026-4201

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially...

CVSS 5.1 | AI score 5.5 | EPSS 0.00246
Exploits: 1 | References: 3
Positive Technologies
added 2026/01/21 12:00 a.m., 5 views

PT-2026-3883

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially...

CVSS 5.1 | AI score 5.5 | EPSS 0.00246
Exploits: 1 | References: 4
NVD
added 2025/11/24 4:15 p.m., 3 views

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

CVSS 8.1 | EPSS 0.00378
Exploits: 0 | References: 2
CNNVD
added 2025/11/24 12:00 a.m., 2 views

Austrian Academy of Sciences OpenAtlas security vulnerability

Austrian Academy of Sciences OpenAtlas is a database application dealing with archaeology and history organized by the Austrian Academy of Sciences in Austria. A security vulnerability exists in Austrian Academy of Sciences OpenAtlas versions prior to 8.12.0, which stems from improper handling of...

CVSS 8.1 | AI score 6.4 | EPSS 0.00378
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-14191

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00547
Exploits: 1 | References: 6
CNNVD
added 2025/08/20 12:00 a.m., 2 views

Scada-LTS security vulnerability

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A security vulnerability exists in Scada-LTS version 2.7.8.1 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter Name in the file viewedit.shtm...

CVSS 5.4 | AI score 5.9 | EPSS 0.00256
Exploits: 1 | References: 6
RedHat Linux
added 2025/05/13 4:02 p.m., 11 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

CVSS 10 | AI score 7.8 | EPSS 0.99945
Exploits: 46 | References: 6
CVE
added 2024/06/21 1:00 a.m., 52 views

CVE-2024-6215

The CVE-2024-6215 entry concerns SourceCodester Food Ordering Management System (up to 1.0). A vulnerability affects the view-ticket-admin.php file where manipulating the id parameter leads to SQL injection. The issue is described as remote-exploitable with a publicly disclosed exploit. Multiple ...

CVSS 8.8 | AI score 7.1 | EPSS 0.00532
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2024/05/19 9:15 p.m., 23 views

CVE-2024-5103

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/studentfirstpayment.php. The manipulation of the argument grade leads to sql injection. The attack...

CVSS 8.8 | AI score 6.8 | EPSS 0.0051
Exploits: 1 | References: 4
CVE
added 2024/05/15 5:31 p.m., 41 views

CVE-2024-4905

CVE-2024-4905 affects Kashipara College Management System 1.0. The vulnerability resides in an unknown function of the file view_students_each_detail.php where manipulation of the id argument enables SQL injection. Exploitation is described as remote and publicly disclosed, with VDB-264438 as the...

CVSS 8.8 | AI score 7.4 | EPSS 0.0049
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2024/05/14 3:45 p.m., 17 views

CVE-2024-4815

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506. Affected by this issue is some unknown functionality of the file /view/bugSolve/viewData/detail.php. The manipulation of the argument filename leads to os command injection. The attack may be launch...

CVSS 9.8 | AI score 6.8 | EPSS 0.06414
Exploits: 0 | References: 4
Prion
added 2024/01/08 3:15 a.m., 15 views

Improper access control

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259...

CVSS 5.5 | AI score 6.6 | EPSS 0.0022
Exploits: 0 | References: 3 | Affected Software: 1