10656 matches found
Citrix ADC/Gateway - Cross-Site Scripting
Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation. id: CVE-2020-8191 info: name: Citrix...
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network...
CVE-2026-50711
CVE-2026-50711 affects Frappe Framework (17.0.0-dev). A Stored XSS exists in the Number Card component due to improper neutralization of user-controlled input. The connected documents confirm the vulnerability but do not specify exploit details, affected versions beyond 17.0.0-dev, or remediation...
CVE-2026-50698
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...
CVE-2026-10857
CVE-2026-10857 – Reflected XSS in AKINSoft e-Commerce Affected product: AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce.Vulnerability: Reflected Cross-Site Scripting due to improper neutralization of input during web page generation.Root cause: insufficient sanitization of...
EUVD-2026-38445
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...
Ubiquiti UniFi OS Improper Input Validation Vulnerability
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection...
CVE-2026-12621
GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...
EUVD-2026-38038
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
CVE-2026-39998
Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...
Astra Linux – Vulnerability in Intel Microcode
Improper input validation in some IntelR TDX module software prior to version 1.5.05.46.698 may allow a privileged user to potentially enable privilege escalation through local access...
PT-2026-50945
Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description Improper neutralization of input during web page generation allows for Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendation...
EUVD-2026-37873
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through 1.6.83...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71186)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent i...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40250)
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on requestirq failure The mlx5irqalloc function can inadvertently free the entire rmap and end up in a crash1 when the other threads tries to access this, when requestirq fails due to exhauste...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23222)
In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAPCRYPTOFORCECOPY scatterlists correctly The existing allocation of scatterlists in omapcryptocopysglists was allocating an array of scatterlist pointers, not scatterlist objects, resulting in a 4x too...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23228)
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71191)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: athdmac: fix device leak on ofdmaxlate Make sure to drop the reference taken when looking up the DMA platform device during ofdmaxlate when releasing channel resources. Note that commit 3832b78b3ec2 dmaengine: athdmac:...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40257)
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcppmdeladdtimer mptcppmdeladdtimer can call skstoptimersyncsk, &entry-addtimer while another might have free entry already, as reported by syzbot. Add RCU protection to fix this issue. Also change confusin...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40264)
In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrbparams in case of OS2BMC beinsertvlaninpkt is called with the wrbparams argument being NULL at besendpkttobmc call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific...