PT-2026-25773

Name of the Vulnerable Software and Affected Versions AWS API MCP Server versions 0.2.14 through 1.3.8 Description The AWS API MCP Server, used to enable AI assistants to interact with AWS services, has an issue where file access restrictions can be bypassed. This affects the 'no-access' and...

Cross Site Scripting (XSS)

malojaserver is vulnerable to Cross Site Scripting XSS attack. The vulnerability arises due to the error page reflecting the missing path to the user. An attacker can execute arbitrary JavaScript in the malojaserver's client context...

U.S. Dept Of Defense: Reflected Xss

hello security team i found reflected XSS in this subdomain https://███ POC:- 1-go in subdomain 2-go here https://███████/en/embeddedAuthRedirect.html?auth=javascript:alert"xElkomy" 3-Done Image:- ███████ xElkomy Impact reflected cross-site scripting XSS operation with JavaScript, which runs in t...

Tableau Server XSS Vulnerability (ADV-2019-047) - Deprecated

Tableau Server is prone to a cross-site scripting XSS vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Code injection

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller WLC software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service ARP storm via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374...

Проблемы с одним из компонент ActiveX (Parameter Validation)

Переполнение буфера при разборе параметров позволяет выполнить код в контексте клиента...