CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

PT-2026-29029

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-30082

CVE-2026-30082 describes multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 . The issue allows an attacker to inject crafted payloads via the About application, What’s new, or Release note parameters to exe...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

EUVD-2023-23482

Malicious code in bioql PyPI...

EUVD-2025-28896

Malicious code in bioql PyPI...

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVE-2023-1203

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule...

PT-2023-16818 · Devolutions · Devolutions Remote Desktop Manager Powershell Module

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager PowerShell Module versions 2022.3.1.5 and earlier Description: The issue is related to the improper removal of sensitive data in the entry edit feature of the Hub Business submodule. This allows an...

PT-2022-26324 · Unknown · Merchandise Online Store

Name of the Vulnerable Software and Affected Versions: Merchandise Online Store version 1.0 Description: A Stored XSS issue allows the injection of arbitrary JavaScript in the edit account form. Recommendations: For version 1.0, update the edit account form to properly sanitize user input and...

X (Formerly Twitter): Improper santization of edit in list feature at twitter leads to delete any twitter user's list cover photo.

An improper sanitization of the edit list feature at Twitter allowed an attacker to delete any Twitter user's list cover photo. By manipulating the media ID in the request, the attacker could delete the victim's cover photo, violating access controls...

CVE-2019-8349

Multiple cross-site scripting XSS vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 destination parameter to delete feature; the 2 destination parameter to edit feature; 3 content parameter in the profile feature...