CVE-2026-54298
Astro, prior to 6.4.6, is vulnerable to XSS via unescaped attribute names when spreading props onto HTML elements. The spreadAttributes path iterates over object keys and passes them to addAttribute, which interpolates the key into the HTML output without escaping, allowing attackers to inject ev...
Dräger Protector Software security vulnerability
Dräger Protector Software is a gas detection and safety monitoring management platform developed by the German company Dräger. Versions of Dräger Protector Software prior to version 6.4.2 contained security vulnerabilities. These vulnerabilities were due to insecure file system permissions, which...
EUVD-2026-10430
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...
CVE-2026-30918
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerabilities. It is possible to inject malicious...
CVE-2026-27939 Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass
Statamic is a Laravel- and Git-powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intended verification step. This can allow access to sensiti...
CVE-2025-14510
CVE-2025-14510 affects ABB Ability OPTIMAX: 6.1, 6.2, and 6.3.0 before 6.3.1-251120, 6.4.0 before 6.4.1-251120. Root cause: incorrect implementation of the authentication algorithm, described as an authentication bypass in single sign-on. Administrative/impact details are not expanded beyond the ...
EUVD-2025-34883
In NetX Duo before 6.4.4, in the HTTP client module of the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...
CVE-2025-55094
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in _nx_icmpv6_validate_options when handling a packet with ICMPv6 options...
CVE-2025-55096
CVE-2025-55096 affects USBX (USB host stack) prior to 6.4.3 in the Eclipse Foundation ThreadX ecosystem. The root cause is an out-of-bounds read in _ux_host_class_hid_report_descriptor_get() while parsing a USB HID device descriptor. Documented impact includes high confidentiality and availabilit...
CVE-2025-55090 Potential out of bound read issue in _nx_ipv4_packet_receive() in NetX Duo
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in the _nx_ipv4_packet_receive function when receiving an Ethernet frame carrying fewer than 4 bytes of IP packet...
CVE-2025-55083
In NetX Duo versions before 6.4.4, the networking component of Eclipse Foundation ThreadX, there was an incorrect bounds check resulting in an off-by-two out-of-bounds read...
CVE-2025-55082
In NetX Duo versions before 6.4.4, the networking component of Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _nx_secure_tls_process_clienthello because of missing validation of the PSK length provided in the user message...
CVE-2025-55080
In Eclipse ThreadX before 6.4.3, when memory protection is enabled, verification of syscall parameters was insufficient, allowing an attacker to obtain arbitrary memory read/write...
CVE-2025-55079
In Eclipse ThreadX before version 6.4.3, the thread module has a maximum-priority setting. In some cases the check against that maximum priority was not performed, allowing a thread to obtain a higher priority than expected and causing a possible denial of service...
CVE-2025-55079
CVE-2025-55079 refers to Eclipse ThreadX RTOS prior to 6.4.3, where the thread module’s maximum priority check could be bypassed, allowing a thread to run at a higher priority than intended and cause a potential denial of service. This is corroborated by Red Hat and other industry sources in the ...
Eclipse ThreadX NetX Duo buffer error vulnerability
Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for the open-source Eclipse ThreadX RTOS. A buffer error vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4; it stems from a lack of validation of the PSK length in a user message, which could lead to out-of-bounds...
CVE-2025-3448 XSS on SDM
Reflected cross-site scripting (XSS) vulnerabilities exist in the System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enable a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...
CVE-2025-3448
CVE-2025-3448 describes a reflected cross-site scripting (XSS) in the System Diagnostics Manager (SDM) of B&R Automation Runtime, prior to 6.4. The vulnerability allows a remote attacker to cause the affected user’s browser to execute arbitrary JavaScript, via crafted input during web page gener...
CVE-2024-23533
An out-of-bounds read vulnerability in the WLAvalancheService component of Ivanti Avalanche before 6.4.3 can, under certain conditions, allow an authenticated remote attacker to read sensitive information in memory...
NetScout nGeniusONE cross-site scripting vulnerability
NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A security vulnerability exists in NetScout nGeniusONE versions prior to 6.4.0 b2350, which stems from a stored cross-site scripting attack that could result from certain POST paramete...