122 matches found
CVE-2025-59982
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-60000 Junos Space: Generate Report page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59996 Junos Space: Configuration View page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...
PT-2025-41423
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...
PT-2025-41435
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...
PT-2025-41432
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to incorrect permissions on folders. An attacker can escalate privileges and execute arbitrary code in the context of a target user by exploiting these permissions. Remediation...
IBM ApplinX Cross-Site Request Forgery Vulnerability
IBM ApplinX is a product of International Business Machines (IBM) that converts green-screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, an...
CVE-2020-6110
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...
CVE-2023-40702
CVE-2023-40702 affects PingOne MFA Integration Kit (Ping Identity). The vulnerability arises from misconfiguration of the skipMFA action, allowing a bypass of second-factor authentication so a threat actor with knowledge of a target user’s first-factor credentials can authenticate as that user. R...
CVE-2024-2228
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population...
CVE-2024-2228
The CVE-2024-2228 issue relates to IdentityIQ/QuickLink authorization in SAP Lifecycle Manager. Connected sources indicate an authenticated user can perform a Lifecycle Manager flow or other QuickLink targeting a user outside the defined QuickLink Population. The root cause details are not fully ...
PT-2024-19300
Name of the Vulnerable Software and Affected Versions SAP Lifecycle Manager affected versions not specified Description This issue allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. Recommendations At...
Cisco Webex Meetings Cross-Site Request Forgery Vulnerability
Cisco Webex Meetings is a video conferencing solution from Cisco. A security vulnerability exists in Cisco Webex Meetings, which stems from a cross-site request forgery vulnerability that allows an attacker to perform arbitrary actions in the affected interface using the privileges of the target...
SUSE CVE-2010-4706
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check...
OpenSSL c_rehash Script Command Injection (CVE-2022-1292)
A command injection vulnerability has been reported in OpenSSL. The vulnerability is due to improper validation of input characters. Successful exploitation could result in command execution within the context of the target user...
Design/Logic Flaw
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address when knowing only their Tox Id by positioning themselves close to the target's Tox Id in the DHT for the target to establish an onion...
jenkins: session fixation vulnerability
A session fixation vulnerability was found in Jenkins. The existing session is not invalidated during the login process, which allows an attacker to potentially gain additional access on Jenkins by using social engineering techniques against a target user...