CVE-2019-25235

The CVE-2019-25235 entry concerns Smartwares HOME easy 1.0.9, where an authentication bypass vulnerability allows unauthenticated attackers to access administrative web pages by disabling JavaScript. This enables navigation to multiple administrative endpoints and bypass of client-side validation...

CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...

CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...

PT-2025-53321

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...

CVE-2025-43529

A flaw was found in webkitgtk where when processing a maliciously crafted web content a use-after-free type of weaknesses may be triggered leading to a remote code execution in the client machine. Mitigation To mitigate this issue, avoid processing untrusted web content. Additionally, disabling t...

PT-2025-5784 · Ibm · Ibm Applinx

Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...

PT-2024-32813 · Mediawiki · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: The issue concerns the CreateWiki extension used for requesting and creating wikis, where the name of requested wikis is not properly escaped on the Special:RequestWikiQueue page. This...

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

Description The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. 1. Add a form to a footer widget area 2. Disable JavaScript 3. Access the URL: https://example.com/%0a/google.com 4. Fill out the form and submit 5. The browser wi...

PT-2024-2512 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript...

PT-2023-8372 · Ibm · Ibm Security Verify Governance

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

PT-2023-3892 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.1.1.15289 Foxit PDF Editor affected versions not specified Description: A use-after-free issue exists in the JavaScript engine, allowing an attacker to execute arbitrary code by manipulating form fields of a specif...

PT-2023-23658 · Apache +1 · Apache Jena +1

Name of the Vulnerable Software and Affected Versions: Apache Jena versions 3.7.0 through 4.8.0 Description: The issue is related to insufficient restrictions of called script functions in Apache Jena, allowing a remote user to execute javascript via a SPARQL query. Recommendations: For Apache Je...

PT-2023-15547 · Unknown · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey version 5.4.15 Description: A stored cross-site scripting XSS issue was discovered in the component "/index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts". This issue allows attackers to execute arbitrary web...

PT-2022-21456 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 12.0.1.12430 Description: A use-after-free issue exists in the JavaScript engine of Foxit Software's PDF Reader. This can be triggered by a specially-crafted PDF document that prematurely deletes objects...

PT-2022-15775 · Nginx · Nginx Controller Api Management

Name of the Vulnerable Software and Affected Versions: NGINX Controller API Management versions 3.18.0 through 3.19.0 Description: An authenticated attacker with access to the user or admin role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is...

Vulnerabilities fixed in Nitro Pro PDF

Vulnerabilities have been fixed in Nitro Pro PDF. The vulnerabilities allow an unauthenticated remote malicious person to opportunity to execute arbitrary code under the privileges of the application. To do this, the malicious agent must trick the victim to open a malicious file. Nitro Software...

PT-2021-14823 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software’s PDF Reader version 11.0.0.49893 Description: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader. A specially crafted PDF document can trigger the reuse of previously freed memory,...

PT-2018-16360 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 9.2.0.9297 Description: A use-after-free issue in the JavaScript engine of Foxit Software's PDF Reader can be exploited by opening a specially crafted PDF document, potentially leading to arbitrary code...

PT-2018-16359 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.2.0.9297 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be triggered by a specially crafted PDF document, leading to arbitrary code execution. This can occur when a user is...

PT-2018-16358 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.2.0.9297 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be triggered by a specially crafted PDF document, leading to arbitrary code execution. This can occur when a user opens a...