1912 matches found
PT-2026-32955
Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...
Linux Distros Unpatched Vulnerability : CVE-2026-22675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
EUVD-2026-19484
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
DEBIAN-CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675
OCS Inventory NG Server (versions up to 2.12.3) is affected by a stored XSS in the User-Agent header submitted to the /ocsinventory endpoint. The issue stems from improper sanitization/encoding when rendering user-supplied User-Agent values in the statistics dashboard, enabling arbitrary JavaScri...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
PT-2026-30738
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
PT-2026-30334
Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The install/test.php diagnostic script has its CLI-only access guard disabled, allowing access via HTTP after installation. This exposes video viewer statistics, including IP addresses, session IDs, a...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
mansstimap
mansstimap SSTI Manager - Advanced SSTI Detection & Exploita...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032
CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions
CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...