
1451 matches found

CNNVD
added 2026/02/18 12:0 a.m. | 2 views

IPFire Cross-Site Scripting Vulnerability

IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of KEY1, IP, HOST, or DOM...

CVSS 6.1 | AI score 5.6 | EPSS 0.00084
Exploits: 1 | References: 4

CNNVD
added 2026/02/18 12:0 a.m. | 3 views

MajorDoMo Cross-Site Scripting Vulnerability

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. MajorDoMo has a cross-site scripting vulnerability, which stems from the $qry parameter in the command.php file being rendered directly into the HTML page without proper cleaning. Attackers can...

CVSS 6.1 | AI score 5.6 | EPSS 0.00095
Exploits: 1 | References: 3

CNNVD
added 2026/02/17 12:0 a.m. | 4 views

WordPress plugin RSS Aggregator Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.2 | AI score 5.6 | EPSS 0.00174
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/16 5:4 p.m. | 2 views

CVE-2019-25381

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payload...

CVSS 6.1 | AI score 5.6 | EPSS 0.00042
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/02/16 9:49 a.m. | 1 views

CVE-2025-59905

Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the...

CVSS 4.8 | AI score 5.7 | EPSS 0.00039
Exploits: 0 | References: 2

CNNVD
added 2026/02/16 12:0 a.m. | 4 views

Kubysoft Cross-Site Scripting Vulnerability

Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability. This vulnerability stems from multiple parameters in the /node/kudaby/nodeFN/procedure endpoints, which are vulnerable to reflection-based cross-site scripting...

CVSS 6.1 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/12 1:4 a.m. | 4 views

CVE-2026-1571

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended...

CVSS 6.1 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 1

NVD
added 2026/02/11 1:15 a.m. | 6 views

CVE-2026-1571

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended...

CVSS 6.1 | EPSS 0.00017
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7478

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended...

CVSS 5.3 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 3

CNNVD
added 2026/02/11 12:0 a.m. | 3 views

Turboard Cross-Site Scripting Vulnerability

Turboard is a business intelligence data visualization and analysis platform developed by Turboard Inc. In versions 2025.07 to 11022026 of Turboard, there is a cross-site scripting vulnerability. This vulnerability stems from improper input during web page generation, which may lead to...

CVSS 9.4 | AI score 5.6 | EPSS 0.00021
Exploits: 0 | References: 1

CVE
added 2026/02/10 6:59 p.m. | 9 views

CVE-2026-2302

Technical details about CVE-2026-2302 are not publicly available in the provided Connected documents. Monitor for updates; current information includes an Arbitrary Ruby code execution condition tied to Mongoid::Criteria.from_hash but no vendor/version specifics are given here.

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits: 0 | References: 1

Cvelist
added 2026/02/10 6:59 p.m. | 21 views

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | EPSS 0.00043
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/10 6:59 p.m. | 3 views

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits: 0 | References: 1

MongoDB
added 2026/02/10 6:59 p.m. | 5 views

Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/02/10 12:0 a.m. | 2 views

Frappe Technologies Frappe Input Validation Error Vulnerability

Frappe Technologies Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages. Frappe Technologies had a vulnerability in input validation for versions prior to 14.99.14 and 15.94.0. This vulnerability stemmed from a specially crafted registration URL that...

CVSS 6.1 | AI score 5.7 | EPSS 0.0004
Exploits: 0 | References: 3

Snyk
added 2026/02/09 8:36 p.m. | 3 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the assembleLayoutFromPost function. An attacker can execute arbitrary system commands on the server by...

CVSS 8.6 | AI score 6.1 | EPSS 0.00315
Exploits: 1 | References: 2

Packet Storm News
added 2026/02/08 12:0 a.m. | 4 views

RECUR: Resource Exhaustion Attack Via Recursive-Entropy Guided Counterfactual Utilization and Reflection

Large Reasoning Models (LRMs) employ reasoning to address complex tasks. Such explicit reasoning requires extended context lengths, resulting in substantially higher resource consumption. Prior work has shown that adversarially crafted inputs can trigger redundant reasoning processes, exposing LRMs...

AI score 5.5
Exploits: 0

GithubExploit
added 2026/02/06 9:30 p.m. | 175 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

CVSS 10 | AI score 5.7 | EPSS 0.94428
Exploits: 433

OSV
added 2026/02/03 7:16 p.m. | 2 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

CVSS 6.1 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/03 12:0 a.m. | 4 views

PT-2026-6189

Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn. Description: The software contains an improper output encoding issue in the web management interface. User-supplied input is reflected in HTTP responses without sufficient escaping,...

CVSS 6.1 | AI score 5.7 | EPSS 0.00052
Exploits: 0 | References: 5