21 matches found
CVE-2026-33786
CVE-2026-33786 affects Juniper Networks Junos OS running on SRX1600, SRX2300, and SRX4300. The issue is an Improper Check for Unusual or Exceptional Conditions in the chassis control daemon (chassisd), allowing a local, low-privilege attacker to cause a complete Denial of Service. When a specific...
CVE-2026-21904
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2026-21907
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers ssl-static-key-ciphers, reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support...
CVE-2026-21918
A Double Free vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...
CVE-2026-21907 Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers)
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers ssl-static-key-ciphers, reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support...
EUVD-2025-33386
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-60002
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59996
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...
CVE-2025-59982
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-60002 Junos Space: Template Definitions page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-60001 Junos Space: Create Quick Template page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59989 Junos Space: Device Discovery page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Discovery page that, when visited by another user, enables the attacker to execute commands with the target's...
PT-2025-41433
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. An attacker can inject script tags in the CLI...
7-Zip Mark-of-the-Web Bypass
Proof of concept exploit that allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. All versions before 24.09 are considered vulnerable...
SUSE CVE-2023-28427
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
UBUNTU-CVE-2023-28427
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
SUSE CVE-2014-1556
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library...
Nextcloud 安全漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server, Nextccloud Enterprise Server versions prior to 24.0.5. An attacker could exploit the vulnerability to...
CVE-2022-1059
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials...
CVE-2019-0159
Insufficient memory protection in the Linux Administrative Tools for IntelR Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access...