11 matches found
CVE-2026-42213 SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...
CVE-2025-42975
SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...
CVE-2025-24373
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...
PT-2023-16766 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.18 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which can be exploited by an attacker to send a malicious script to any user. This can be done through the Document Page Link...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
CVE-2021-3012
The CVE-2021-3012 entry concerns a cross-site scripting (XSS) vulnerability in Esri ArcGIS Enterprise/Server prior to version 10.9. The flaw arises in the Document Link of documents, where remote authenticated users can inject arbitrary JavaScript by exploiting a malicious HTML attribute (e.g., o...
CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
QQ Email in-box xss vulnerability
No description provided by source. Author: AmesianX in [email protected] Document Link: http://powerhacker.net/mailqqcomxssvulnerabilitywrittenbyAmesianX.pdf Version: 2012-06-28 NowTime: 0-Day Tested on: IE 9.0, Chrome, FireFox Patch on: 2012-07-02 1. click the E-Mail Write Button ...
Solaris Update for snoop 138105-01
Check for the Version of snoop OpenVAS Vulnerability Test Solaris Update for snoop 138105-01 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the...
security flaw
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document...
security flaw
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...