93 matches found
CVE-2026-7380
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...
CVE-2026-8377
CVE-2026-8377 affects Armiya Information Technologies Ltd. Co. Access Control System (GKS) prior to version 2. The vulnerability is described as Missing/Improper Authorization allowing data collection from common resource locations. According to the connected records, the issue enables network-ba...
CVE-2026-8377 Improper Authorization in Armiya Technologies' Access Control System
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...
CVE-2026-8306
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...
CVE-2026-8306
CVE-2026-8306 describes a Stored XSS in Armiya Information Technologies Ltd. Co. Access Control System (GKS) prior to version 2, caused by improper neutralization of input during web page generation. The vulnerability allows stored cross-site scripting in the GKS web interface. CVSS3.1 base score...
CVE-2026-8306 Stored XSS in Armiya Technologies' Access Control System
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...
EUVD-2026-42017
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...
CVE-2026-7380
The CVE-2026-7380 entry concerns Armiya Information Technologies Ltd. Co. Access Control System (GKS). It describes an improper neutralization of Script-Related HTML tags in a web page, enabling basic HTML attribute-based XSS. Affected: GKS Access Control System before version 2. The vulnerabilit...
EUVD-2026-42016
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...
CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...
PT-2026-35275
Name of the Vulnerable Software and Affected Versions LogonTracer versions prior to 2.0.0 Description An OS command injection issue allows a logged-in user to execute arbitrary operating system commands. Recommendations Update to version 2.0.0 or later...
CVE-2026-39087
ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
SUSE CVE-2026-27616
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...
EUVD-2026-14770
Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329...
CVE-2024-44722
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...
EUVD-2025-208303
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...
The Silver Searcher 代码问题漏洞
The Silver Searcher is a code search tool developed by Geoff Greer personally. Versions of the Silver Searcher prior to 2.2.0 contained code-related vulnerabilities, specifically vulnerabilities related to null pointer dereferencing, which could lead to local crashes...
CVE-2026-23720
A vulnerability has been identified in Simcenter Femap All versions V2512, Simcenter Nastran All versions V2512. The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the...
GO-2026-4398 WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal
WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...