110 matches found

Nuclei
added 3 days ago, 7 views

Sophos Firewall <= 19.0 MR1 - Remote Code Execution

Sophos Firewall version v19.0 MR1 and older is vulnerable to code injection in the User Portal and Webadmin, allowing a remote unauthenticated attacker to execute arbitrary code. id: CVE-2022-3236 info: name: Sophos Firewall <= 19.0 MR1 - Remote Code Execution author: daffainfo severity: critical...

9.8 CVSS, 7.8 AI score, 0.92841 EPSS
Exploits: 0, References: 2
Wiz blog
added 2026/05/06 12:33 p.m., 3 views

Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild

Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution (RCE) with root privileges...

9.8 CVSS, 6.7 AI score, 0.04536 EPSS
Exploits: 6
RedhatCVE
added 2025/11/11 8:42 p.m., 2 views

CVE-2025-48055

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

8.5 CVSS, 6 AI score, 0.00026 EPSS
Exploits: 0, References: 1
NVD
added 2025/11/10 9:15 p.m., 2 views

CVE-2025-48055

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

8.5 CVSS, 0.00026 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/11/10 8:33 p.m., 3 views

CVE-2025-48055 Combodo iTop has stored XSS in user portal's browse brick

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

8.5 CVSS, 5.6 AI score, 0.00026 EPSS
Exploits: 0, References: 1
EUVD
added 2025/11/10 8:33 p.m., 1 view

EUVD-2025-50775

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

8.5 CVSS, 5.5 AI score, 0.00026 EPSS
Exploits: 0, References: 1
OSV
added 2025/11/10 8:33 p.m., 1 view

CVE-2025-48055 Combodo iTop has stored XSS in user portal's browse brick

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

8.5 CVSS, 5.9 AI score, 0.00026 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/11/10 8:33 p.m., 6 views

CVE-2025-48055 Combodo iTop has stored XSS in user portal's browse brick

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0...

8.5 CVSS, 0.00026 EPSS
Exploits: 0, References: 1
CVE
added 2025/11/10 8:33 p.m., 10 views

CVE-2025-48055

The CVE-2025-48055 entry concerns Combodo iTop, a web-based IT service management tool. Concrete details across connected sources show a stored XSS vulnerability in the user portal’s browse brick, affecting versions prior to 3.2.2. The root cause is improper handling/display of content in the bro...

8.5 CVSS, 5.6 AI score, 0.00026 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/11/10 12:00 a.m., 3 views

Combodo iTop Cross-Site Scripting Vulnerability

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management, and problem management. A cross-site scripting vulnerability exists in Combodo...

8.5 CVSS, 5.7 AI score, 0.00026 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/11/10 12:00 a.m., 3 views

PT-2025-46193

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 3.2.2. Description: Combodo iTop is a web-based IT service management tool. A cross-site scripting issue can occur when displaying content in a browse brick within the user portal. This allows for the execution of...

8.5 CVSS, 6 AI score, 0.00026 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-9306

Malware in sbrugna...

8.8 CVSS, 8.6 AI score, 0.02228 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-51077

Malicious code in bioql PyPI...

8.8 CVSS, 9.5 AI score, 0.00441 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/08/08 12:00 a.m., 2 views

PT-2025-112: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript into web pages, resulting in execution of malicious code in the victim’s browser. Vulnerability status: Confirmed by vendor Date of...

6.1 CVSS, 6.1 AI score
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 1:52 a.m., 6 views

CVE-2023-52268

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...

9.1 CVSS, 7 AI score, 0.00881 EPSS
Exploits: 1, References: 1
OSV
added 2024/12/19 9:15 p.m., 0 views

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1)...

8.8 CVSS, 5.9 AI score, 0.00441 EPSS
Exploits: 0, References: 1
NVD
added 2024/12/19 9:15 p.m., 16 views

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1)...

8.8 CVSS, 0.00441 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/12/19 8:58 p.m., 17 views

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1)...

8.8 CVSS, 0.00441 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/12/19 8:58 p.m., 15 views

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1)...

8.8 CVSS, 7.4 AI score, 0.00441 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2024/12/19 12:00 a.m., 1 view

PT-2024-9755

Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 21.0 MR1 (21.0.1). Description: A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely. The issue is related to incorrect code generation management. This...

9 CVSS, 9.9 AI score, 0.00441 EPSS
Exploits: 0, References: 29