31 matches found
CVE-2026-7857
A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
PT-2026-31378
CVE-2025-50653 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time group.asp endpoint. https://t.co/22B1zw0ww8...
GHSA-PQ95-94C9-J987 yaffa vulnerable to Cross Site Scripting
yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...
EUVD-2025-209275
yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Add Account Group process on the account-group page. An attacker can execute arbitrary JavaScript in the context of users who view the affected page by injecting malicious scripts. Details: Cross-site...
CVE-2025-70844
yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...
PT-2026-30902
yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...
Yet Another Free Financial Application security vulnerability
Yet Another Free Financial Application is a self-hosted web application for personal financial management and planning developed by Kantorgge’s individual developers. Version 2.0.0 of Yet Another Free Financial Application contains a security vulnerability. This vulnerability stems from the “Add...
CVE-2026-4168
Tecnick TCExam 16.5.0 contains a cross-site scripting vulnerability in /admin/code/tce_edit_group.php (Group Handler) via manipulation of the Name parameter. The issue is exploitable remotely and an exploit is publicly available. Vendor could not reproduce fully, and the description notes that th...
CVE-2022-38615
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:jid88, UserForm:jid90, and UserForm:jid92 parameters at /SVFE2/pages/feegroups/servicegroup.jsf...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataGroupname parameter in the /apprain/admin/managegroup/add/ process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is improperly...
LyLme Spage security vulnerability
LyLme Spage (Six Zero navigation page) is an open-source navigation page from China's Six Zero (LyLme). It is dedicated to being a simple and efficient advertising-free Internet navigation and search portal, with support for background links, custom search engines, accumulation of the most valuable links, no commercial...
DrayTek Vigor 3910 security vulnerability
DrayTek Vigor 3910 is a high-performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version v4.3.2.6 that originates from a buffer overflow issue contained in the sProfileName parameter of the usergrp.cgi page. An attacker can caus...
CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...
CVE-2022-38618
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:jid88, UserForm:jid90, and UserForm:jid92 parameters at /SVFE2/pages/feegroups/countrygroup.jsf...