Verint Verba 跨站脚本漏洞

Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...

PT-2025-47313

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS is susceptible to Stored Cross-Site Scripting XSS in the logon page due to inadequate input validation. A malicious actor can inject arbitrary HTML and...

EUVD-2021-11208

Malware in sbrugna...

EUVD-2023-58080

Malicious code in bioql PyPI...

CVE-2023-0219

The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...

Default credentials

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...

CVE-2023-5797

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

CVE-2023-5797

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

Privilege escalation

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

CVE-2023-5797

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

CVE-2023-5797

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

Zyxel ATP Security Vulnerability

Zyxel ATP is a firewall from Zyxel, China. Zyxel ATP series 4.32 to 5.37 firmware versions, USG FLEX series 4.50 to 5.37 firmware versions, USG FLEX 50W series 4.16 to 5.37 firmware versions, USG20W-VPN series 4.16 to 5.3 firmware versions, VPN series 4.30 to 5.37 firmware versions, NWA50AX...

PT-2023-7306 · Zyxel · Zyxel Nwa50Ax +8

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.37 Zyxel USG FLEX series versions 4.50 through 5.37 Zyxel USG FLEX 50W series versions 4.16 through 5.37 Zyxel USG20W-VPN series versions 4.16 through 5.37 Zyxel VPN series versions 4.30 through 5.37...

CVE-2020-28365

Sentrifugo 3.2 allows Stored Cross-Site Scripting XSS vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by...

CVE-2017-16904

The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...

WordPress 404 To 301 2.2.8 Cross Site Scripting

------------------------------------------------------------------------ Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin ------------------------------------------------------------------------ Alyssa Milburn , July 2016...