49 matches found
CVE-2025-40902
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...
CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...
CVE-2025-40902
CVE-2025-40902 describes a Stored HTML Injection in the Guardian/CMC Users feature prior to 26.1.0. An authenticated admin can create a user whose username contains HTML tags; when a victim deletes a group containing that user, the injected HTML may render in the browser, enabling phishing and po...
CVE-2025-40902
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...
EUVD-2025-209893
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...
CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...
PT-2026-41889
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...
Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞
Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...
CVE-2019-16172
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion...
EUVD-2020-3994
Malware in sbrugna...
EUVD-2018-10993
Malware in sbrugna...
EUVD-2004-0713
Malware in sbrugna...
EUVD-2025-22514
Malicious code in bioql PyPI...
EUVD-2021-9410
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions...
CVE-2025-9444 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection
A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/deletegroupstudent.php. The manipulation of the argument batchid leads to sql injection. The attack can be initiated...
Linux Distros Unpatched Vulnerability : CVE-2021-22264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...