Lucene search
+L

896 matches found

attackerkb
attackerkb
added 2026/02/26 7:57 a.m.7 views

CVE-2026-1695

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...

6.1CVSS5.4AI score0.00207EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/02/26 7:57 a.m.24 views

CVE-2026-1695 XSS vulnerability upon unsuccessful authentication

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...

5.3CVSS0.00207EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/26 12:0 a.m.9 views

PT-2026-22127

Name of the Vulnerable Software and Affected Versions PcVue versions 12.0.0 through 16.3.3 Description An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features. The issue exists on the error page of the OAuth server and may allow a remote...

6.1CVSS5.6AI score0.00207EPSS
Exploits0References10
cvelist
cvelist
added 2026/02/24 12:37 a.m.24 views

CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

6.9CVSS0.01414EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/02/24 12:37 a.m.5 views

CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

6.9CVSS5.5AI score0.01414EPSS
Exploits1References3
osv
osv
added 2026/02/23 9:54 p.m.8 views

GHSA-QQ67-MVV5-FW3G Astro has Full-Read SSRF in error rendering via Host: header injection

Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...

8.6CVSS5.7AI score0.01414EPSS
Exploits1References6
github
github
added 2026/02/23 9:54 p.m.13 views

Astro has Full-Read SSRF in error rendering via Host: header injection

Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...

8.6CVSS5.6AI score0.01414EPSS
Exploits1References6Affected Software1
vulnrichment
vulnrichment
added 2026/02/09 3:37 a.m.3 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.3AI score0.00204EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/09 3:37 a.m.5 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.3AI score0.00204EPSS
Exploits0References2
cvelist
cvelist
added 2026/02/09 3:37 a.m.33 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS0.00204EPSS
Exploits0References1
cve
cve
added 2026/02/09 3:37 a.m.15 views

CVE-2025-66594

CVE-2025-66594 affects Yokogawa FAST/TOOLS packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04. The public description notes that detailed messages on the error page could be exploited by an attacker for other attacks, indicating information leakage or error handling weaknesses;...

6.9CVSS5.3AI score0.00204EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/09 12:0 a.m.7 views

PT-2026-7059

Name of the Vulnerable Software and Affected Versions FAST/TOOLS versions R9.01 through R10.04 Description The software displays detailed messages on error pages. This information could be used by attackers for further malicious activities. Recommendations Update to a version later than R10.04...

6.9CVSS5.8AI score0.00204EPSS
Exploits0References7
cve
cve
added 2026/01/20 8:2 a.m.23 views

CVE-2025-41768

Summary: CVE-2025-41768 affects TwinCAT 3 HMI Server. An authenticated administrator can inject arbitrary content into the device’s custom CSS field, which is persisted and later echoed on login and error pages, constituting a stored XSS. The connected Red Hat, NVD, CVE list, and security feeds d...

5.5CVSS5.8AI score0.00207EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/20 8:2 a.m.24 views

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

5.5CVSS0.00207EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/20 8:2 a.m.3 views

CVE-2025-41768

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

5.5CVSS5.8AI score0.00207EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/20 8:2 a.m.4 views

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

5.5CVSS5.8AI score0.00207EPSS
Exploits0References1
susecve
susecve
added 2026/01/17 12:51 a.m.8 views

SUSE CVE-2017-18891

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link...

6.1CVSS7AI score0.00685EPSS
Exploits0References2
susecve
susecve
added 2026/01/17 12:28 a.m.4 views

SUSE CVE-2025-62690

Mattermost versions 10.11.x = 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab...

6.1CVSS6.7AI score0.00125EPSS
Exploits0References2
nessus
nessus
added 2026/01/16 12:0 a.m.10 views

MiracleLinux 4 : tomcat6-6.0.24-111.AXS4 (AXSA:2017-2380:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2380:03 advisory. A vulnerability was discovered in Tomcat's handling of pipelined requests when Sendfile was used. If sendfile processing completed quickly, it was...

8.1CVSS8AI score0.99988EPSS
Exploits37References5
nessus
nessus
added 2026/01/16 12:0 a.m.10 views

MiracleLinux 4 : httpd24-1.1-19.AXS4, httpd24-httpd-2.4.25-9.AXS4.1, httpd24-nghttp2-1.7.1-8.AXS4 (AXSA:2019-4423:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4423:01 advisory. httpd: modsessioncookie does not respect expiry time CVE-2018-17199 httpd: modauthdigest: access control bypass due to race condition CVE-2019-0217...

7.5CVSS6.8AI score0.81466EPSS
Exploits4References7
Rows per page
Query Builder