37 matches found
PT-2026-45358
SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below...
EUVD-2025-208711
Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6...
CVE-2026-27118 Cache poisoning in @sveltejs/adapter-vercel
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration (ISR) is accessible on all routes, allowi...
CVE-2024-58272
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2023-7323...
EUVD-2021-28468
Malicious code in bioql PyPI...
EUVD-2023-45695
Malicious code in bioql PyPI...
EUVD-2023-45693
Malicious code in bioql PyPI...
CVE-2025-42920
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation,...
CVE-2023-41177
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security Enterprise could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178...
CVE-2023-41176
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security Enterprise could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177...
CVE-2023-41178
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security Enterprise could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176...
CVE-2024-47590 Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XSS) or transmitted to...
CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...
CVE-2024-35207
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform...
Cross site scripting
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security Enterprise could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176...