1325 matches found
CVE-2025-66604
CVE-2025-66604 affects Yokogawa FAST/TOOLS: FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB across R9.01–R10.04. Root cause is disclosure of the library version on the web page, which could enable attacker-initiated follow-on attacks. Documented impact indicates information exposure wit...
Yokogawa FAST/TOOLS 安全漏洞
Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 version up to R10.04. These vulnerabilities stem from the possibility of the library version being...
Yokogawa FAST/TOOLS 安全漏洞
Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from the possibility of physical paths being...
PT-2026-7047
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...
PT-2026-6001
Name of the Vulnerable Software and Affected Versions Kod8 Individual and SME Website versions through 03022026 Description The Kod8 Individual and SME Website software contains a flaw related to improper neutralization of input during web page generation, leading to a Reflected Cross-Site...
CVE-2026-21264
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Account allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-22918
An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...
PT-2026-2401
Name of the Vulnerable Software and Affected Versions Prowise Reflect version 1.0.9 Description Prowise Reflect version 1.0.9 has a remote keystroke injection issue. An exposed WebSocket on port 8082 allows attackers to send keyboard events. Malicious web pages can be created to inject keystrokes...
CVE-2019-25259
CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...
CVE-2019-25259 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that...
CVE-1999-0440
The byte code verifier component of the Java Virtual Machine JVM allows remote execution through malicious web pages...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000384)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000384 advisory. In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP...
PT-2026-1441
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
CVE-2018-25127
CVE-2018-25127 affects SOCA Access Control System 180612. The issue is a cross-site request forgery in the admin interface caused by lack of proper request validation, allowing forged requests to create admin accounts when a user visits a malicious page. Affected component: admin interface/API en...
PT-2025-53092
Name of the Vulnerable Software and Affected Versions Kodezen LLC Academy LMS versions through 3.4.0 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to...
CVE-2021-47722
CVE-2021-47722 affects Zucchetti Axess CLOKI Access Control 1.64. The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to manipulate access control settings by tricking an authenticated user into loading a malicious page; no user interaction beyond visiting the attacke...
CVE-2023-53871
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...
CVE-2023-53880 Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...
EUVD-2025-202709
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in...
EUVD-2025-202051
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TalentSoft Software e-BAP Automation allows Cross-Site Scripting XSS.This issue affects e-BAP Automation: from 1.8.96 before v.41815...