209 matches found
CVE-2022-43847
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
Bitdefender GravityZone Console 代码问题漏洞
Bitdefender GravityZone Console is a centralized cybersecurity management platform from Bitdefender Romania, designed to provide organizations with full visibility and control over their security infrastructure. A code issue vulnerability exists in Bitdefender GravityZone Console versions prior t...
CVE-2025-26796 Apache Oozie: XSS in Oozie Web Console
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...
GHSA-69X5-HJG4-M267 OpenShift Console Has a Path Traversal Vulnerability
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...
Red Hat OpenShift Console 路径遍历漏洞
Red Hat OpenShift Console is an OpenShift console from Red Hat, Inc. A path traversal vulnerability exists in Red Hat OpenShift Console that stems from an insecure file path construction, which could allow an authenticated user to retrieve an arbitrary JSON file on the console by manipulating the...
Cross-Site Scripting (XSS)
org.apache.felix, org.apache.felix.http.webconsoleplugin is vulnerable to cross-site scripting XSS. The vulnerability is due to improper neutralization of user input during web page generation, allowing an attacker to inject and execute malicious scripts in a victim’s browser through improperly...
CVE-2024-4028 Keycloak-core: stored xss in keycloak when creating a items in admin console
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items Resource and Permissions from the admin console, leading to a stored cross-site scripting XSS attack...
NetScaler Console and NetScaler Agent Security Bulletin for CVE-2024-12284
Description of Problem A vulnerability has been discovered in NetScaler Console formerly NetScaler ADM and NetScaler Agent. Refer to below for further details: Affected Versions The following supported versions of NetScaler Console and NetScaler Agent are affected: NetScaler Console 14.1 BEFORE...
CVE-2025-0617
An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service...
CVE-2025-0617
CVE-2025-0617 affects Trellix HX (HX console) for version 10.0.0 and earlier. The vulnerability arises when an attacker with access to the HX console sends specially crafted data, triggering file parsing that allows exponential entity expansions in the consumer process, resulting in a Denial of S...
PT-2025-3984 · Hx · Hx
Name of the Vulnerable Software and Affected Versions: HX versions 10.0.0 and earlier Description: An attacker with access to the vulnerable software may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions...
org.jboss.hal:hal-standalone (>=3.5.0.Final <=3.7.19.Final) potentially affected by CVE-2025-23366 via org.jboss.hal:hal-console (>=3.5.0.Final <=3.7.6.Final)
org.jboss.hal:hal-console MAVEN version =3.5.0.Final, =3.5.0.Final, =3.7.19.Final Source cves: CVE-2025-23366 Source advisory: OSV:GHSA-JHVJ-F397-8W6Q...
The vulnerability of the console-based MPEG audio player mpg123, related to the ability to write beyond the allocated memory, allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the console-based MPEG audio player mpg123 lies in its ability to write beyond the allocated memory boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause system failures...
org.jboss.hal:hal-standalone (>=3.5.0.Final <=3.7.19.Final) potentially affected by unknown CVE via org.jboss.hal:hal-console (>=3.5.0.Final <=3.7.6.Final)
org.jboss.hal:hal-console MAVEN version =3.5.0.Final, =3.5.0.Final, =3.7.19.Final Source cves: unknown CVE Source advisory: OSV:GHSA-64GP-R758-8PFM...
The vulnerability of the Intel Raid Web Console web console, related to deficiencies in access control, allows attackers to disclose protected information.
The vulnerability of the Intel Raid Web Console web console relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker to disclose protected information...
The vulnerability of the Intel Raid Web Console web console, related to deficiencies in access control, allows a intruder to trigger a service failure.
The vulnerability of the Intel Raid Web Console web console relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Dell OpenManage Enterprise console, related to the lack of protective measures for the SQL query structure, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Dell OpenManage Enterprise system management console is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Console component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, allows a perpetrator to cause a service failure.
The vulnerability of the Console component of the Oracle WebLogic Server application server software, part of the Oracle Fusion Middleware platform, relates to improper cleaning or release of resources due to copying of buffers without checking the size of the input data. Exploiting this...
Oracle WebLogic Server (October 2024 CPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions tha...
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE 命令注入漏洞
The Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE DFS ProGauge MAGLINK LX CONSOLE is an industrial console from Dover Fueling Solutions, Inc. designed for expansion. A command injection vulnerability exists in Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE version 3.4.2.2.6 and prior...