CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
CVE-2025-12916
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...
EUVD-2025-38438
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...
PT-2025-45573
Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Security Management System versions prior to 3.0.11. Description: A command injection issue exists in the Sangfor Operation and Maintenance Security Management System. The issue is related to the manipulation of...
EUVD-2016-8253
Malware in sbrugna...
CVE-2025-50183
OpenList Frontend prior to 4.0.0-rc.4 contains a stored Cross‑Site Scripting (XSS) in the file preview/browsing feature. Files with a .py extension that contain JavaScript wrapped in <script> tags may be interpreted as HTML in certain modes, allowing script execution in the b...
CVE-2025-3388
A vulnerability classified as problematic was found in hailey888 oasystem up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site...
CVE-2025-3388
CVE-2025-3388 affects the hailey888 oa_system frontend, specifically the function loginCheck in cn/gson/oasys/controller/login/LoginsController.java. The issue is a cross-site scripting vulnerability caused by manipulation of the Username parameter. The attack can be initiated remotely, and publ...
UBUNTU-CVE-2024-36460
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text...
OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
Product: OX App Suite; Vendor: OX Software GmbH; Internal reference: OXUIB-1654; Vulnerability type: Cross-Site Scripting (CWE-80); Vulnerable version: 7.10.6 and earlier; Vulnerable component: frontend; Report confidence: Confirmed; Solution status: Fixed by Vendor; Fixed version: 7.10.5-rev37, 7.10.6-rev...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) that allows user account takeover. Note: All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A...
PT-2021-23235 · Unknown · Spree Auth Devise
Name of the Vulnerable Software and Affected Versions: spree_auth_devise versions prior to 4.0.1; spree_auth_devise versions prior to 4.1.1; spree_auth_devise versions prior to 4.2.1; spree_auth_devise versions prior to 4.4.1. Description: The issue is a CSRF vulnerability that allows user account...
Open-Xchange (OX) App Suite Content Spoofing Vulnerability (Jun 2018)
Open-Xchange OX App Suite is prone to a content spoofing vulnerability. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
Sophos UTM Frontend Component Local Information Disclosure Vulnerability
Sophos UTM (aka Astaro Security Gateway) is a suite of unified threat management appliances from Sophos UK. The appliance provides gateway security protection and endpoint security protection. An information disclosure vulnerability exists in the Frontend component of Sophos UTM using firmware...
CVE-2016-7442
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab...
CVE-2016-7397
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab...
CVE-2016-7397
The CVE-2016-7397 vulnerability affects the Sophos UTM Frontend component (firmware 9.405-5 and earlier). A local administrator can disclose sensitive password information by reading the value field of the SMTP user settings in the Notifications configuration tab. Public disclosures and multiple ...