5519 matches found
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
UBUNTU-CVE-2022-50942
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2022-50942
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that enables attackers to inject scripts via the icinga.min.js file by exploiting EventListener.handleEvent. This can lead to session hijacking and non-persistent phishing attacks. The issue is described across multiple s...
CVE-2022-50942
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2022-50942
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2021-47911
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
EUVD-2021-34760
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
EUVD-2021-34763
Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...
Icinga Web 2 跨站脚本漏洞
Icinga Web 2 is an open-source monitoring and measurement solution developed by Icinga. Version 2.8.2 of Icinga Web 2 contains a cross-site scripting vulnerability. This vulnerability stems from the icinga.min.js file, which has a client-side cross-site scripting vulnerability. It may lead to...
PT-2026-5553
Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...
PT-2026-5556
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...
EUVD-2026-5001
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
EUVD-2026-5045
Improper access control in the WCF endpoint in Edgemo now owned by Danoffice IT Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group...
CVE-2025-69929
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format...
IBM ApplinX Unauthorized Access Vulnerability
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...
PT-2026-5495
Name of the Vulnerable Software and Affected Versions LocalSend versions up to and including 1.17.0 Description LocalSend is an application enabling file and message sharing with nearby devices on a local network, without internet access. When a user initiates a "Share via Link" session, the...