Lucene search

14 matches found

NVD
added 2026/04/02 6:16 p.m. · 1 views

CVE-2026-34725

DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...

CVSS 8.2 · EPSS 0.00009 · Exploits 0 · References 3

RedHat Linux
added 2026/02/16 6:55 p.m. · 2 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

CVSS 7.3 · AI score 5.7 · EPSS 0.00132 · Exploits 1 · References 5

OSV
added 2026/01/05 2:46 p.m. · 1 views

CLSA-2026-1767609927 httpd: Fix of CVE-2025-58098

CVE-2025-58098: don't pass query string args as command line arguments to SSI-invoked CGI scripts...

CVSS 8.3 · AI score 7.1 · EPSS 0.00018 · Exploits 0 · References 1

OSV
added 2024/10/09 6:15 a.m. · 2 views

DEBIAN-CVE-2023-46586

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 before 1.0 lacks '\0' termination of the path for CGI scripts because strncpy is misused...

CVSS 9.1 · AI score 8.4 · EPSS 0.00415 · Exploits 0 · References 1

CVE
added 2024/04/10 12:0 a.m. · 7220 views

CVE-2024-30729

This CVE entry is rejected/not used and does not represent an active vulnerability entry.

AI score 6.7 · Exploits 0

CVE
added 2024/04/10 12:0 a.m. · 65 views

CVE-2024-29444

This CVE entry is rejected/not used and does not represent an active vulnerability.

AI score 6.7 · Exploits 0

CVE
added 2024/04/08 12:0 a.m. · 7074 views

CVE-2024-30665

CVE-2024-30665 has been withdrawn; the initial entry states “Rejected reason: DO NOT USE THIS CANDIDATE NUMBER” and notes no evidence of a vulnerability. Connected sources (NVD, CNNVD) repeat that this candidate was withdrawn/not applicable. The PT security entry about ROS Melodic Morenia and rel...

AI score 6.7 · Exploits 0

Positive Technologies
added 2024/04/08 12:0 a.m. · 2 views

PT-2024-23552 · Unknown · Ros Melodic Morenia

Name of the Vulnerable Software and Affected Versions: ROS Robot Operating System Melodic Morenia versions 1 Description: An OS command injection issue has been discovered, primarily affecting command processing and system call components. This makes them susceptible to manipulation by malicious...

AI score 8.6 · Exploits 0 · References 3

Positive Technologies
added 2024/03/21 12:0 a.m. · 2 views

PT-2024-22901 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 Humble Hawksbill versions 2 Description: A command injection issue has been found, allowing remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via External Command...

AI score 8.7 · Exploits 0 · References 3

OSV
added 2023/12/07 6:15 p.m. · 1 views

CVE-2023-6333

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session...

CVSS 5.4 · AI score 5.9 · Exploits 0 · References 1

Positive Technologies
added 2020/08/21 12:0 a.m. · 3 views

PT-2020-6513 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a buffer overflow on the stack in the webproc getpage scenario of the D-Link DAP-2020 Wi-Fi access point's firmware. This can be exploited by network-adjacent attackers to...

CVSS 8.8 · AI score 8.9 · EPSS 0.0204 · Exploits 0 · References 4

RedHat Linux
added 2016/07/18 4:50 p.m. · 4 views

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS 8.1 · AI score 6.8 · EPSS 0.51564 · Exploits 0 · References 7

Prion
added 2014/11/07 11:55 a.m. · 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 5.9 · EPSS 0.13738 · Exploits 6 · References 6 · Affected Software 1

RedHat Linux
added 2014/08/21 3:29 p.m. · 3 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

CVSS 5 · AI score 6.7 · EPSS 0.44151 · Exploits 1 · References 5