Lucene search

493 matches found

CNNVD
added 2025/12/18 12:0 a.m., 2 views

Advantech WebAccess/SCADA SQL injection vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...

CVSS 8.8, AI score 6.2, EPSS 0.00047
Exploits 0, References 3

CNNVD
added 2025/12/11 12:0 a.m., 1 view

Microsoft Windows Admin Center security vulnerability

Microsoft Windows Admin Center is a locally deployed browser-based application from Microsoft USA. The program is primarily used to manage servers, clusters, and more. A security vulnerability exists in Microsoft Windows Admin Center that stems from improper access control and could lead to local...

CVSS 7.8, AI score 6.2, EPSS 0.00049
Exploits 0, References 1

CVE
added 2025/12/03 5:41 p.m., 8 views

CVE-2025-64443

CVE-2025-64443 details a DNS rebinding vulnerability in MCP Gateway when running in the sse/streaming transport modes. Affected are MCP Gateway versions

CVSS 9.6, AI score 6.4, EPSS 0.00015
Exploits 0, References 2, Affected Software 1

OSV
added 2025/12/03 5:41 p.m., 3 views

CVE-2025-64443 DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

CVSS 7.3, AI score 6.7, EPSS 0.00015
Exploits 0, References 4

CNNVD
added 2025/11/10 12:0 a.m., 1 view

Identifier withdrawn

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in versions prior to JetBrains YouTrack 2025.3.104432, which...

AI score 6.3, EPSS 0.0001
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-31436

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00141
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-30813

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00068
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-53391

Malicious code in bioql PyPI...

CVSS 8.1, AI score 8.1, EPSS 0.00292
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-25963

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.01717
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-35445

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.7, EPSS 0.00127
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-34277

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.5, EPSS 0.00166
Exploits 0, References 3

NVD
added 2025/09/22 4:15 p.m., 2 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

CVSS 9.8, EPSS 0.00068
Exploits 0, References 1

Positive Technologies
added 2025/09/22 12:0 a.m., 7 views

PT-2025-38730

Name of the Vulnerable Software and Affected Versions: AiKaan Cloud Controller (affected versions not specified). Description: The AiKaan Cloud Controller utilizes a single, hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an...

CVSS 9.8, AI score 6.6, EPSS 0.00068
Exploits 0, References 3

The Hacker News
added 2025/09/15 11:55 a.m., 9 views

6 Browser-Based Attacks Security Teams Need to Prepare For Right Now

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a "browser-based attack" is, and why they're proving to be so effective. What is a browser-based attack? First, it's important to establish what a browser-based...

AI score 7.2
Exploits 0

NVD
added 2025/09/03 11:15 a.m., 1 view

CVE-2025-41000

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...

CVSS 2.1, EPSS 0.00082
Exploits 0, References 1

Vulnrichment
added 2025/08/27 4:23 p.m., 1 view

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

CVSS 5.4, AI score 5.6, EPSS 0.00044
Exploits 0, References 1

CNNVD
added 2025/06/05 12:0 a.m., 2 views

Atheos security vulnerability

Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A security vulnerability exists in Atheos versions prior to 6.0.4, which stems from parameter injection and could lead to arbitrary command execution...

CVSS 9.4, AI score 7.3, EPSS 0.00545
Exploits 0, References 3

RedhatCVE
added 2025/05/22 10:6 p.m., 8 views

CVE-2022-20713

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 6.1, AI score 6.4, EPSS 0.01717
Exploits 0, References 1

RedhatCVE
added 2025/02/05 7:15 p.m., 6 views

CVE-2022-26889

In Splunk Enterprise versions before 8.1.2, the URI path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack...

CVSS 8.8, AI score 6.7, EPSS 0.00141
Exploits 0, References 1

Vulnrichment
added 2025/02/05 4:14 p.m., 7 views

CVE-2025-20204 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied...

CVSS 4.8, AI score 6, EPSS 0.00061
Exploits 0, References 1