Lucene search

5519 matches found

OSV
added 2026/02/24 8:27 p.m., 6 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVSS: 2.7, AI score: 5.8
Exploits: 0, References: 1

NVD
added 2026/02/24 8:27 p.m., 6 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVSS: 2.7, EPSS: 0.0025
Exploits: 0, References: 1

Github Security Blog
added 2026/02/24 7:56 p.m., 7 views

NiceGUI vulnerable to XSS via Code Injection during client-side element function execution

Summary: Several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input is passed as the method name, an attacker can inject...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00163
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2026/02/24 7:56 p.m., 6 views

Cross-site Scripting (XSS)

Overview: nicegui is described as "Create web-based user interfaces with Python. The nice way." Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the run_method function. An attacker can execute arbitrary JavaScript in the victim's browser by supplying crafted input as a method...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00163
Exploits: 0, References: 2

OSV
added 2026/02/24 7:56 p.m., 4 views

GHSA-78QV-3MPX-9CQQ NiceGUI vulnerable to XSS via Code Injection during client-side element function execution

Summary: Several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input is passed as the method name, an attacker can inject...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00163
Exploits: 0, References: 4

Cvelist
added 2026/02/24 7:35 p.m., 20 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVSS: 2.7, EPSS: 0.0025
Exploits: 0, References: 1

Vulnrichment
added 2026/02/24 7:35 p.m., 6 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVSS: 2.7, AI score: 5.5, EPSS: 0.0025
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/24 7:35 p.m., 2 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVSS: 2.7, AI score: 5.9, EPSS: 0.0025
Exploits: 0, References: 2

OSV
added 2026/02/24 5:0 p.m., 3 views

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00163
Exploits: 0, References: 4

OSV
added 2026/02/24 4:24 p.m., 4 views

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00186
Exploits: 0, References: 2

NVD
added 2026/02/24 4:24 p.m., 6 views

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS: 8.7, EPSS: 0.00186
Exploits: 0, References: 2

NVD
added 2026/02/24 4:24 p.m., 3 views

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...

CVSS: 8.7, EPSS: 0.00196
Exploits: 0, References: 2

CVE
added 2026/02/24 3:7 p.m., 9 views

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Since Base64 is reversible, an attacker with cookie access can recover the plaintext password. Affected product/v...

CVSS: 8.7, AI score: 5.3, EPSS: 0.00196
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/02/24 3:7 p.m., 13 views

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware up to version V300SP10260209 uses RC4 with a hard-coded key embedded in client-side JavaScript. The static key enables an attacker to decrypt protected values, defeating confidentiality protections. Affected component: firmware (vulnerable RC4 implem...

CVSS: 8.7, AI score: 5.4, EPSS: 0.00186
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/02/24 3:7 p.m., 19 views

CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS: 8.7, EPSS: 0.00186
Exploits: 0, References: 2

Vulnrichment
added 2026/02/24 3:7 p.m., 5 views

CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00186
Exploits: 0, References: 2

Positive Technologies
added 2026/02/24 12:0 a.m., 5 views

PT-2026-21796

Name of the Vulnerable Software and Affected Versions: Dell Wyse Management Suite versions prior to 5.5. Description: Dell Wyse Management Suite versions prior to 5.5 have a Client-Side Enforcement of Server-Side Security issue. A high privileged attacker with remote access could potentially bypass ...

CVSS: 2.7, AI score: 5.3, EPSS: 0.0025
Exploits: 0, References: 3

Positive Technologies
added 2026/02/24 12:0 a.m., 6 views

PT-2026-21757

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS: 8.7, AI score: 5.4, EPSS: 0.00186
Exploits: 0, References: 4

CNNVD
added 2026/02/24 12:0 a.m., 6 views

Dell Wyse Management Suite WMS Security Vulnerability

Dell Wyse Management Suite WMS is a cloud-based and on-premise management platform developed by the American company Dell. It is used for centralized management of Wyse lightweight terminal devices, supporting features such as remote configuration, firmware updates, and security policy management...

CVSS: 2.7, AI score: 5.8, EPSS: 0.0025
Exploits: 0, References: 1

Positive Technologies
added 2026/02/24 12:0 a.m., 5 views

PT-2026-21771

Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 3.8.0. Description: NiceGUI APIs, including Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others, utilized an eval fallback within the JavaScript-side runMethod function. This allowed for...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00163
Exploits: 0, References: 9