412 matches found
CVE-2013-0668
Multiple cross-site scripting XSS vulnerabilities in the HMI web application in Siemens WinCC TIA Portal 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2019-18235
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack...
CVE-2012-4006
The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before...
CVE-2002-2326
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic...
CVE-2024-30145
CVE-2024-30145 affects HCL Domino Volt and Domino Leap with multiple vectors enabling client-side script injection (XSS) in the authoring environment and deployed applications. Connected sources confirm XSS via web interfaces; no concrete exploit details or patch/version information are provided ...
CVE-2025-2865
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-25590
creationtimestamp| type| source ---|---|--- 2025-03-18 18:13:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkobieajod2x...
CVE-2025-27678
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001...
CVE-2025-27640
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012...
CVE-2025-27642
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008...
CVE-2022-1575
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary remote code execution in the desktop app. - Stored XSS in the web app...
CVE-2024-28146 Hardcoded credentials
The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...
Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:09) - Remote Known Vulnerable Versions Check
Synology Router Manager SRM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Moodle < 3.9.25, 3.11.x < 3.11.18, 4.0.x < 4.0.12, 4.1.x < 4.1.7, 4.2.x < 4.2.4, 4.3.x < 4.3.1 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...
CVE-2023-29457
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...
The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short
As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks BLAs. Unlike known attacks, which can be identified by signatures or patterns, such ...
CVE-2023-25749
Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...
TeamPass < 3.0.9 Multiple Vulnerabilities
TeamPass is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:teampass:teampass"; ifdescription...
TeamPass < 3.0.7 Multiple Vulnerabilities
TeamPass is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:teampass:teampass"; ifdescription...
Mailman < 3.3.5 REST API Vulnerability
Mailman is prone to a vulnerability in the REST API. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman"; ifdescription...