15 matches found
CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...
CVE-2026-3931
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...
EUVD-2004-2426
Malware in sbrugna...
Vite Access Control Error Vulnerability
Vite is a new front-end build tool from Vite Open Source. An access control error vulnerability exists in Vite versions prior to 7.1.5, prior to 7.0.7, prior to 6.3.6, and prior to 5.4.20, which stems from explicitly exposing the Vite development server to the network resulting in arbitrary HTML...
PT-2025-27811 · Unknown · Tarteaucitron.Js
Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.22.0 Description: A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML elemen...
Authentication Bypass
OctoPrint is vulnerable to Authentication Bypass. The vulnerability is due to insufficient authentication checks allowing direct access to rendered HTML of certain frontend pages. Attackers can exploit this to potentially access sensitive UI components...
PT-2025-17558 · Octoprint · Octoprint
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.10.3 Description: OctoPrint provides a web interface for controlling consumer 3D printers. The issue allows an attacker to bypass the login redirect and directly access the rendered HTML of certain...
Hikvision Intercom Broadcasting System Information Disclosure Vulnerability
Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision China. An information disclosure vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which originates from the file access/html/system.html that can lead to...
Apple Safari InputType Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTM...
CVE-2017-11589
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd,...
CVE-2004-2435
Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts...
CVE-2004-2435
The vulnerability CVE-2004-2435 affects PeopleSoft HRMS 7.0 when “web enabled” via HTML Access, enabling Cross-site Scripting (XSS). The issue arises from the handling of (1) debugging and (2) utility scripts, allowing remote attackers to inject arbitrary web script or HTML. Current connected so...
CVE-2004-2435
Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts...
Cisco VPN 3000 Concentrator Multiple Vulnerabilities (CSCdx07754, CSCdx24622, CSCdx24632)
The remote VPN concentrator is subject to multiple flaws: XML public rule; HTML pages access; HTML login processing. This vulnerability is documented as Cisco bug ID CSCdx07754, CSCdx24622 and CSCdx24632. (C) Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH for his...
Mirabilis ICQ 2002 - Sound Scheme Remote Configuration Modification
source: https://www.securityfocus.com/bid/5239/info ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension. Reportedly, it is possible for a remote party to modify sound settings in IC...