108 matches found
CVE-2025-26206
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...
CVE-2025-26206
CVE-2025-26206 concerns a Cross-Site Request Forgery (CSRF) vulnerability in Sell Done Storefront v1.0. The issue stems from the absence of anti-CSRF protections in the web application, allowing a remote attacker to induce privileged actions via the index.html component. Affected code is identifi...
CVE-2022-4779
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...
PT-2025-18234 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 136.0.7103.59 Description: The issue is related to a heap buffer overflow in the HTML component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML...
YznCMS 安全漏洞
YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...
Microsoft Edge 安全漏洞
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A memory corruption vulnerability exists in Microsoft Edge HTML-based, which can be exploited by an attacker to execute arbitrary code on a system...
Emby Media Server Cross-Site Scripting Vulnerability
Emby Media Server is a personal media server software for organizing, managing and sharing multimedia content such as music, movies, TV shows and more. Emby Media Server suffers from a cross-site scripting vulnerability that can be exploited to elevate privileges via the notifications.html...
CVE-2022-4778
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...
Path traversal
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...
CVE-2022-4779 authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...
CVE-2022-4778 path traversal in elvexys StreamX using StreamView HTML component with public web server feature
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...
CVE-2022-4778 path traversal in elvexys StreamX using StreamView HTML component with public web server feature
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...
Microsoft MSHTML.DLL 路径遍历漏洞
MSHTML also known as Trident is Microsoft's Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability...
GHSA-GXCM-36QW-J29V SQL Injection in tribalsystems/zenario
SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...
reflected XSS in tribalsystems/zenario
Reflected XSS in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting into the "cID" parameter when creating a new HTML component...
CVE-2021-27672
SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...
CVE-2021-27673
Cross Site Scripting XSS in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component...
CVE-2021-27673
Cross Site Scripting XSS in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component...
CVE-2021-27672
SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...
Sql injection
SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...