1082 matches found
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
Linux Distros Unpatched Vulnerability : CVE-2026-23643
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross- site-scripting vulnerability via query string parameter...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
DEBIAN-CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
UBUNTU-CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
GHSA-QH8M-9QXX-53M5 CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
Impact The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. Patches This issue has been fixed in 5.2.12 and 5.3.1 Workarounds If you are unable to upgrade, you should avoid using Paginator::limitControl until you can upgrade...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23643
The CVE-2026-23643 entry concerns CakePHP and a cross-site-scripting vulnerability in PaginatorHelper::limitControl() triggered by query string manipulation. Affected versions are fixed in 5.2.12 and 5.3.1; upgrade to at least those releases to mitigate. The vulnerability description is corrobora...
CVE-2026-23643 CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23643 CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23643 CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
PT-2026-3322
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
PT-2026-3011
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
CVE-2025-69270 Spectrum session token in URL
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier...
CLSA-2026-1767970357 httpd: Fix of CVE-2025-58098
CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...
CVE-2024-41592
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...
CLSA-2026-1767950193 httpd: Fix of CVE-2025-58098
CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...
CVE-2025-1738
A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party...