54 matches found
PT-2026-42017
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0 Description: A Stored Cross-Site Scripting (XSS) issue exists in the ticket reply notification system. Unsanitized content from the $newmessage variable is stored in database notification payloads and rendered...
EUVD-2025-209055
HCL Aftermarket DPC is affected by Session Fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user...
EUVD-2021-24920
Malware in sbrugna...
EUVD-2023-28547
Malicious code in bioql PyPI...
EUVD-2021-7010
Malicious code in bioql PyPI...
EUVD-2023-41386
Malicious code in bioql PyPI...
GHSA-F24X-RM6G-3W5V Directus tokens are not redacted in flow logs, exposing session credentials to all admins
Summary: When using Directus Flows with the WebHook trigger, all incoming request details are logged, including security-sensitive data such as access and refresh tokens in cookies. Impact: Malicious admins with access to the logs can hijack user sessions within the tokens' expiration time...
Debian dla-4113 : php-horde-imp - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the DLA-4113 advisory. Debian LTS Advisory DLA-4113-1 https://www.debian.org/lts/security/...
PT-2025-12433 · Horde +1 · Horde Imp +2
Name of the Vulnerable Software and Affected Versions: Horde IMP versions prior to 6.2.27; Horde Application Framework versions prior to 5.2.23 Description: A Cross-Site Scripting (XSS) vulnerability was discovered in Horde IMP, allowing an attacker to hijack a user session by sending a crafted e-ma...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
Cisco Unified Communications Manager is a call processing component of a Unified Communications system. A cross-site scripting vulnerability exists in the Cisco Unified Communications Manager WEB interface, which can be exploited by remote attackers to inject malicious script or HTML code that ca...
CVE-2024-36450
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may b...
PT-2024-5633 · Dell · Dell Storage Resource Manager
Name of the Vulnerable Software and Affected Versions: Dell Storage Resource Manager version 4.9.0.0 and below Description: The issue is related to a session fixation problem in the SRM Windows Host Agent. An unauthenticated attacker on an adjacent network could exploit this, potentially leading ...
SAP BusinessObjects Business Intelligence Platform Authentication Bypass (3320702)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by an authentication bypass vulnerability. SAP BusinessObjects Business Intelligence Platform versions 420 and 430 allow an unauthorized attacker who has hijacked a user session to ...
CVE-2023-37499
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37499 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44288)
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. The Rockwell Automation ArmorStart ST suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script or HTM...
Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. The Rockwell Automation ArmorStart ST suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to inject malicious script ...
SQL Monitor 12.1.31.893 - Cross-Site Scripting Vulnerability
Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) Date: 12/21/2022 02:07:23 AM UTC Vendor Homepage: https://www.red-gate.com/ Software Link: https://www.red-gate.com/products/dba/sql-monitor/ Version: SQL Monitor 12.1.31.893 Tested on: Windows OS CV...
CVE-2023-24529
Due to lack of proper input validation, BSP application CRMBSPFRAME - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H - allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a...
CVE-2022-33927
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. An unauthenticated attacker could exploit this by taking advantage of a user with multiple active sessions in order to hijack a user's session...