
11 matches found

EUVD
added 2026/02/01 12:15 p.m., 2 views

EUVD-2021-34763

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...

CVSS 6.4, AI score 5.9, EPSS 0.00018
Exploits 0, References 5

Positive Technologies
added 2026/02/01 12:0 a.m., 3 views

PT-2026-5553

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...

CVSS 6.4, AI score 5.9, EPSS 0.00018
Exploits 0, References 6

RedhatCVE
added 2026/01/24 3:17 a.m., 3 views

CVE-2026-1201

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

CVSS 9.4, AI score 5.6, EPSS 0.00022
Exploits 0, References 1

EUVD
added 2026/01/23 12:31 a.m., 1 view

EUVD-2026-4204

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

CVSS 9.4, AI score 5.6, EPSS 0.00022
Exploits 0, References 2

Vulnrichment
added 2026/01/22 9:52 p.m., 7 views

CVE-2026-1201 Authorization Bypass Through User-Controlled Key in Hubitat Elevation Hubs

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

CVSS 9.4, AI score 5.6, EPSS 0.00022
Exploits 0, References 2

CVE
added 2026/01/22 9:52 p.m., 11 views

CVE-2026-1201

CVE-2026-1201 affects Hubitat Elevation hubs (pre-2.4.2.157). Root cause: an authorization bypass via user-controlled key that enables a remote authenticated user to manipulate client-side requests and control devices outside their authorized scope. Public documents from Red Hat and PT Security c...

CVSS 9.4, AI score 5.6, EPSS 0.00022
Exploits 0, References 2

CVE
added 2025/09/17 6:39 p.m., 15 views

CVE-2025-59414

Nuxt (Vue.js framework) exposes a client-side path traversal in the Island payload revival during prerendering. The vulnerability occurs in the revive-payload.client.ts flow when serialized __nuxt_island objects trigger Island fetches via /__nuxt_island/${key}.json, with key potentially containin...

CVSS 3.1, AI score 6.2, EPSS 0.00021
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2023/02/01 5:56 p.m., 7 views

CVE-2023-22664 BIG-IP HTTP/2 profile vulnerability

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...

CVSS 7.5, AI score 7.2, EPSS 0.00891
Exploits 0, References 1

0day.today
added 2022/01/19 12:0 a.m., 286 views

Affiliate Pro 1.7 - (Multiple) Cross Site Scripting Vulnerability

Exploit Title: Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting XSS Document Title: =============== Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities Product & Service Introduction: =============================== Affiliate Pro is a Powerful and yet simple to use PHP affiliate Managemen...

AI score 0.2
Exploits 0

Vulnerability Lab
added 2017/01/18 12:0 a.m., 37 views

Cisco Webex Meeting - Open Redirect Web Vulnerability

Document Title: =============== Cisco Webex Meeting - Open Redirect Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1950 PSIRT ID: 1079904098 Bulletin:...

CVSS 5.8, AI score 0.2, EPSS 0.00211
Exploits 2

0day.today
added 2014/11/22 12:0 a.m., 44 views

Supr Shopsystem 5.1.0 - Persistent UI Vulnerability

Exploit for php platform in category web applications Product & Service Introduction: =============================== SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. Without installation and own webspace you can begin to...

AI score 7.1
Exploits 0