7 matches found
CVE-2026-4914
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...
CVE-2026-4914
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...
CVE-2026-4914
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...
PT-2026-32648
Name of the Vulnerable Software and Affected Versions Ivanti N-ITSM versions prior to 2025.4 Description Stored Cross-Site Scripting XSS allows a remote authenticated attacker to obtain limited information from other user sessions. This issue requires user interaction to be exploited...
CVE-2025-65622
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
PT-2023-31362 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.9 Description: The issue allows unauthorized access to user accounts, compromising the security of sensitive information. When a user changes their login password in Uptime Kuma, a previously logged-in user...
squid: Information Disclosure issue in FTP Gateway
A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...