13 matches found
Trilium Notes Cross-Site Scripting Vulnerability
Trilium Notes is a hierarchical note-taking application developed by Zadam, an individual developer. It focuses on building large-scale personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from deficiencies such as...
CVE-2026-39250
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...
EUVD-2026-30979
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...
CVE-2026-39250
CVE-2026-39250 affects Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, enabling potentially dangerous operations. The NVD entry cites a CVSSv3.1 base score of 7.3 (HIGH) with network vector, low confidentiality/integrity/availabilit...
PT-2026-42008
Name of the Vulnerable Software and Affected Versions: Innoshop version 0.6.0
Description: An authorization issue allows an attacker who has logged into the frontend to directly access backend application interfaces, which can lead to the execution of dangerous operations.
Recommendations: At the...
CVE-2020-37014
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...
EUVD-2020-30960
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...
CVE-2025-13483 Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
EUVD-2025-199621
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
PT-2025-48047
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
MAL-2022-140 Malicious code in @boosted-bounty/backend-interfaces (npm)
Source: ghsa-malware e321f53166b07d10de6128dd2b775925a44c6ee21a7bdfb796c7183c02603521. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...