CVE-2026-40089

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

Sonicverse 代码问题漏洞

Sonicverse is an open-source, hosted real-time radio audio streaming solution developed by Sonicverse. There are code-related vulnerabilities in Sonicverse; these vulnerabilities stem from the API client accepting user-controlled URLs with insufficient validation. This could allow authenticated...

SonicWALL NSA 2400 Improper Neutralization of Input During Web Page Generation (CVE-2014-2589)

Cross-site scripting XSS vulnerability in the Dashboard Backend service stats/dashboard.jsp in SonicWall Network Security Appliance NSA 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. This plugin only works with Tenable.ot. Please visit...

@alithya-oss/backstage-plugin-aws-apps-backend (=0.4.7), @alithya-oss/backstage-plugin-changelog-backend (=1.0.3) +168 more potentially affected by CVE-2026-24048 via @backstage/backend-defaults (>=0.0.0-nightly-20240929023448 <=0.12.1-next.1)

@backstage/backend-defaults NPM version =0.0.0-nightly-20240929023448, =1.0.7, =0.1.8, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =4.6.0, =0.10.0, =0.12.0 and more Source cves: CVE-2026-24048 Source advisory: OSV:GHSA-Q2X5-4XJX-C6P9...

Authentication Bypass

github.com/karmada-io/dashboard is vulnerable to an Authentication Bypass. The vulnerability is due to missing authentication enforcement on backend API endpoints, which allows an unauthenticated attacker with network access to directly invoke the APIs and retrieve sensitive cluster data such as...

EUVD-2025-35859

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

EUVD-2014-2621

Malware in sbrugna...

SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability

Document Title: =============== SonicWall Dashboard Backend Server - Client-Side Cross Site Scripting Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1100 Release Date: ============= 2014-03-06 Vulnerability Laboratory ID VL-ID:...

Cross site scripting

Cross-site scripting XSS vulnerability in the Dashboard Backend service stats/dashboard.jsp in SonicWall Network Security Appliance NSA 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter...

CVE-2014-2589

Cross-site scripting XSS vulnerability in the Dashboard Backend service stats/dashboard.jsp in SonicWall Network Security Appliance NSA 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter...

PT-2014-4798 · Sonicwall · Sonicwall Network Security Appliance

Name of the Vulnerable Software and Affected Versions: SonicWall Network Security Appliance NSA 2400 Description: The issue is related to a cross-site scripting XSS vulnerability in the Dashboard Backend service, specifically in the stats/dashboard.jsp component. This vulnerability allows remote...