1711 matches found
CVE-2026-22568
CVE-2026-22568 affects the ZIA Admin UI. An authenticated administrator could potentially retrieve unauthorized internal information due to improper neutralization of certain input in rare conditions. The CVSS 3.1 base score is 5.5 (Medium) with Privileges Required: High, User Interaction: None, ...
Telesquare TLR-2005KSH Remote Command Execution
Telesquare TLR-2005KSH proof of concept remote command execution exploit. Title: Telesquare TLR-2005KSH - Remote Command Execution vulnerability ...
PT-2026-21529
Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi. Description: The web-based administrative interface does not set the X-Frame-Options header, which allows an attacker to embed administrative pages in an iframe. This can tri...
PT-2026-21530
Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi. Description: The administrative interface of the software lacks the X-Content-Type-Options: nosniff header in responses and includes attacker-influenced content that can be...
Zscaler ZIA Admin UI Security Vulnerability
Zscaler ZIA Admin UI is a management console interface for the cloud-native security gateway provided by Zscaler Inc. There is a security vulnerability in Zscaler ZIA Admin UI, which stems from improper neutralization of special elements in the inputs provided by users. This vulnerability may all...
Zscaler ZIA Admin UI Security Vulnerability
Zscaler ZIA Admin UI is a management console interface for the cloud-native security gateway provided by Zscaler Inc. There is a security vulnerability in Zscaler ZIA Admin UI, which stems from improper validation of user input. This vulnerability could allow authenticated administrators to trigg...
CVE-2025-62326
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface, which would require elevated privileges to exploit...
CVE-2026-27505
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/useraction.php). User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
CVE-2026-27506
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2025-62326
HCL Digital Experience is susceptible to stored XSS in the administrative UI that requires elevated privileges to exploit. Affected component: the admin interface of HCL Digital Experience. The vulnerability is stored XSS; the attacker needs high privileges, and user interaction is required ...
CVE-2025-62326 HCL Digital Experience is susceptible to stored cross-site scripting (XSS)
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface, which would require elevated privileges to exploit...
CVE-2026-27506
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (usersettings.php submitting to admin/updateuser.php). Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2026-27506
SVXportal version 2.5 and earlier contains a stored XSS in the profile update flow (user_settings.php -> admin/update_user.php). Authenticated users can inject HTML/JavaScript into profile fields (Firstname, lastname, email, image_url) that are rendered unencoded in the admin interface (a...
CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (usersettings.php submitting to admin/updateuser.php). Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...