Orca Energija Orca heat pump security vulnerabilities

Orca Energija Orca heat pump is a series of air-to-water heat pump systems developed by Orca Energija. There are security vulnerabilities in Orca Energija Orca heat pumps. These vulnerabilities stem from the lack of authentication and plaintext data transmission. Combined with the absence of...

CVE-2026-41932

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the displayname field before sanitization occurs. Attackers can submit HTML and script markup in the username field durin...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

CVE-2026-30251

A reflected cross-site scripting XSS vulnerability in the loginnewpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codiceazienda parameter...

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-3533 JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

PT-2026-23840

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

davids-xss-attack-defense

XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...

CVE-2019-18664

The Log module in SECUDOS DOMOS before 5.6 allows XSS...

CVE-2023-40314

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...

CVE-2022-50802

ETAP Safety Manager 1.0.0.32 is affected by an unauthenticated reflected XSS in the 'action' GET parameter. The vulnerability allows injection of HTML/JavaScript to execute in victims’ browsers, potentially leaking credentials or enabling unauthorized actions. The issue is documented across multi...

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29206)

"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504401; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29206";...

CVE-2025-9227

Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor...

EUVD-2013-7151

Malware in sbrugna...

EUVD-2012-2731

Malware in sbrugna...

EUVD-2008-0615

Malware in sbrugna...

EUVD-2019-16159

Malware in sbrugna...

EUVD-2020-7764

Malware in sbrugna...

EUVD-2015-3497

Malware in sbrugna...

EUVD-2017-0308

Malware in sbrugna...