10505 matches found
Reflected XSS - Telerik Reporting Module
Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...
Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page. id: CVE-2021-24495 info: name: Wordpress Marmoset Viewer 1.9.3 - Cross-Site Scripting author:...
CVE-2026-61501
Rejetto HFS versions 3.0.0–3.2.0 expose a stored XSS in the admin log viewer: log entries rendered as HTML without sanitization allow a remote unauthenticated attacker to craft a username, write JavaScript to the error log, and execute code in an administrator’s browser when logs are viewed, pote...
Eclipse BIRT Viewer - Remote Code Execution
Eclipse BIRT versions 4.8.0 and earlier contain a JSP injection caused by query parameters, letting remote attackers create and access malicious JSP files in the viewer directory, exploit requires sending crafted query parameters. id: CVE-2021-34427 info: name: Eclipse BIRT Viewer - Remote Code...
Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...
CVE-2026-55466 Snipe-IT: Stored XSS via inline-served attachment
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...
CVE-2026-8595 Stored XSS in the table panel (TableNG)
A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...
CVE-2026-54652 Frigate viewer can read logs exposing admin and camera credentials
Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...
CVE-2026-54652
Frigate (v0.17.1) exposes credentials via GET /api/logs/{service} for authenticated users including viewer role, allowing download of Frigate and nginx logs that contain admin passwords and camera credentials in query strings. Root cause: log exposure through an endpoint access with insufficient ...
CVE-2026-56775
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...
CVE-2026-56775 n8n - Incorrect OAuth Scope Validation in Evaluation Test Runs Endpoints
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...
EUVD-2026-42262
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...
CVE-2026-56775
CVE-2026-56775 affects n8n prior to 1.123.55, 2.25.7, and 2.26.2. The issue is an authorization vulnerability in three mutating evaluation test-run endpoints that grant state-changing actions under the workflow:read scope instead of the action-appropriate workflow:execute scope. On systems using ...
CVE-2026-55647
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...
CVE-2026-55798
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...
CVE-2026-55798 Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...
CVE-2026-55798
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...
CVE-2026-13705
Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in readrgb16rle. readrgb16rle guards each literal run with if count dataleft, but count is a pixel count while every 16-bit sample consumes two bytes. The copy...
PYSEC-2026-914 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...