24 matches found
CVE-2026-4616
A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the...
EUVD-2021-13350
Malware in sbrugna...
EUVD-2024-32957
Malicious code in bioql PyPI...
CVE-2025-56520
CVE-2025-56520 : Dify v1.6.0 contains a Server-Side Request Forgery (SSRF) in the controllers.console.remote_files.RemoteFileUploadApi due to improper validation. The Nuclei template and VulnCheck/Red Hat/NVD/CNNVD entries confirm an SSRF that allows the server to make arbitrary requests from its...
CVE-2021-26551
An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module...
CVE-2024-10173
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has be...
CVE-2024-10173 didi DDMQ Console Module improper authentication
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has be...
CVE-2024-10173
CVE-2024-10173 affects the didi DDMQ 1.0 Console Module. The vulnerability stems from input manipulation of "/;login" that results in improper authentication. It can be exploited remotely, and public disclosures exist. Several connected sources (NVD, Red Hat, CVE list, and related feeds) describe...
CVE-2024-10173 didi DDMQ Console Module improper authentication
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has be...
PT-2024-16087 · Didi Ddmq · Didi Ddmq
Name of the Vulnerable Software and Affected Versions: didi DDMQ version 1.0 Description: A critical vulnerability has been found in the Console Module component of didi DDMQ, affecting an unknown functionality. The manipulation of the input /;login leads to improper authentication. This issue ca...
CVE-2023-24514
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms...
Cross site scripting
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms...
CVE-2023-24514 Stored Cross Site Scripting Vulnerability in Visual Console Module
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms...
Artica Pandora FMS Cross-Site Scripting Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a cross-site scripting (XSS) vulnerability in the Visu...
PT-2023-19661 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions prior to v767 Description: The issue is related to a Cross-site Scripting (XSS) vulnerability in the Visual Console Module of Pandora FMS. This vulnerability could be used to hijack admin users' session cookie values and...
Oracle Essbase Security Vulnerability
Oracle Hyperion and Oracle Essbase are products of Oracle Corporation. Oracle Hyperion is a set of financial modeling applications. The software provides financial closure, report production, etc. Oracle Essbase is an application that enables organizations to quickly generate insights from...
cockpit-session-recording bug fix and enhancement update
An update is available for cockpit-session-recording. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The cockpit-session-recording packages contain a web consol...
SmartFoxServer Code Injection Vulnerability
SmartFoxServer is a software development program for rapid development of multiplayer games and applications via Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++, etc. SmartFoxServer is a software development program from SmartFoxServer, USA. The software...
CVE-2021-26551
An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module...
Code injection
An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module...