16 matches found
EUVD-2026-24547
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...
CVE-2019-25593
JetCast Server 2.0 is affected by a local denial-of-service vulnerability: supplying an excessively long string (about 5000 characters) to the Log directory configuration field and starting the server can crash the process. Root cause is input handling of the Log directory field leading to a cras...
CVE-2019-25551
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during progr...
CVE-2019-25551
Sandboxie 5.30 has a Denial of Service vulnerability exposed via the Program Alerts configuration. A local attacker can crash the application by inputting an excessively long string (e.g., a 5000-character buffer) into the 'Select or enter a program' field during program alert setup. The CVE desc...
EUVD-2023-42130
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Skin Images / CSS config field when it contains an end script tag. An attacker can manipulate the web page...
CVE-2023-40817
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
Cross site scripting
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
Webmin Cross-Site Scripting Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.021 that stems from a stored cross-site scripting (XSS) vulnerability discovered in the syslog viewer feature. The vulnerability...
CVE-2023-38311
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the...
CVE-2021-35531
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
Mautic Injection Vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails, and manages customer resources. Mautic 3.3.2 suffers from an injection vulnerability that allows an authorized administrator user to expose confidential parameters by leveraging Symfo...
Eview EV-07S GPS Buffer Overflow Vulnerability
The Eview EV-07S GPS Tracker is a GPS tracking device for personal safety and personal protection. A buffer overflow vulnerability exists in the Eview EV-07S GPS Tracker, which arises from the program failing to perform sufficient boundary checks. An attacker can exploit the vulnerability by...