CVE-2024-41735

SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability causing low impact on confidentiality and integrity of the application...

CVE-2024-39594

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the...

CVE-2021-33672

Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...

CVE-2022-23495

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVE-2026-22712

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

Tenda N300和Tenda F3 安全漏洞

Tenda N300 and Tenda F3 are both products of Tenda, a Chinese company.Tenda N300 is a router.Tenda F3 is a wireless router. A security vulnerability exists in the Tenda N300 and Tenda F3 that originates from the transmission of credentials encoded using reversible Base64 encoding via a web-based...

PT-2026-2148

Name of the Vulnerable Software and Affected Versions Tenda 300Mbps Wireless Router F3 Tenda N300 Easy Setup Router Description The routers transmit credentials using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network can intercept network...

Mediawiki - ApprovedRevs Extension 安全漏洞

Mediawiki - ApprovedRevs Extension is an open source content quality control plugin for Mediawiki. A security vulnerability exists in Mediawiki - ApprovedRevs Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper output encoding or escaping, and could lead to input data...

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

CVE-2025-8307

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

Cyber Threat Detection and Vulnerability Assessment System Using Generative AI and Large Language Model

Background: Cyber-attacks have evolved rapidly in recent years, many individuals and business owners have been affected by cyber-attacks in various ways. Cyber-attacks include various threats such as ransomware, malware, phishing, and Denial of Service DoS-related attacks. Challenges: Traditional...

CVE-2025-61549

Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...

PT-2026-1830

Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk version 18.34 Description A cross-site scripting XSS issue exists due to unsanitized user input reflected in HTTP responses without proper HTML encoding or escaping. The issue is present on the...

CVE-2026-22543

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

EUVD-2026-1415

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

CVE-2026-22543 WEEK ENCODING FOR PASSWORDS

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

CVE-2026-22543

CVE-2026-22543 affects devices whose web server accepts credentials in Base64 in HTTP headers. The base64 credential transmission is not encryption, enabling an attacker who can observe the login request to obtain credentials. Connected sources (including Red Hat, CIRCL sighting, NVD, CNNVD, and ...

CVE-2025-13371

The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details PAN, card holder name, expiry month/year, and CVV in WordPress postmeta using base64encode, and then...

CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress aka Broken Link Checker is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS...

CVE-2019-16523

The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...