14 matches found
CVE-2025-53046
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Analytics. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
CVE-2025-53046
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Analytics. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
EUVD-2025-35288
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Analytics. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
Lunary Cross-Site Scripting Vulnerability
lunary is lunary open source a production toolkit for LLM. A cross-site scripting vulnerability exists in lunary, which stems from the presence of stored cross-site scripting in the Analytics component that could lead to arbitrary JavaScript execution. No detailed vulnerability details are provid...
CVE-2025-5352
A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary
A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
Lunary 跨站脚本漏洞
lunary is lunary open source a production toolkit for LLM. A cross-site scripting vulnerability exists in lunary, which stems from the presence of stored cross-site scripting in the Analytics component that could lead to arbitrary JavaScript execution. No detailed vulnerability details are provid...
Environment Variable XSS in Analytics Component
Description A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS 14.4 and iPadOS 14.4, which results from the inability to validate...
Carson & SAINT SAINT Security Suite SQL Injection Vulnerability
Carson & SAINT SAINT Security Suite is the U.S. Carson & SAINT a set of vulnerability management, security configuration assessment, penetration testing and other functions of the security suite. A SQL injection vulnerability exists in the Analytics component of Carson & SAINT SAINT Security Suit...
CVE-2020-16277
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...
CVE-2020-16277
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...
Sql injection
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...
CVE-2020-16277
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...