24 matches found
CVE-2025-56536
A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the user information parameter...
EUVD-2025-209589
A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the user information parameter...
PT-2026-35943
A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the user information parameter...
EUVD-2026-25915
A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sysinfo results in os command injection. The attack can b...
TOTOLINK A7100RU Operating System Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains an operating system command injection vulnerability. This vulnerability stems from the lack of proper validation in the handling of the laninfo parameter in...
CVE-2025-64030
Eximbills Enterprise 4.1.5 (built 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...
CVE-2025-63738
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...
CVE-2025-64030
Eximbills Enterprise 4.1.5 (built 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript exec...
EUVD-2024-34704
Malicious code in bioql PyPI...
CVE-2023-39827
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the ruleinfo parameter in the formAddMacfilterRule function...
CVE-2024-34230
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter...
CVE-2024-34230
Sourcecodester Laboratory Management System v1.0 is affected by a cross-site scripting (XSS) vulnerability in the System Information parameter. The root cause is improper handling/sanitization of user-supplied input, allowing attackers to inject arbitrary web scripts or HTML. Impact disclosed in ...
emlog Security Vulnerability
emlog is a PHP and MySQL based CMS website builder for emlog individual developers. A security vulnerability exists in emlog Pro version 2.3, which stems from a cross-site scripting (XSS) vulnerability in the footerinfo parameter...
Tenda AX1803 Security Vulnerability
Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda, China. A security vulnerability exists in Tenda AX1803 v1.0.0.1, which is caused by a buffer overflow vulnerability in the iptv.stb.mode parameter of the setIptvInfo method...
CVE-2023-2692
A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/roominfo.php of the component GET Parameter Handler. The manipulation of the argument name leads to cro...
sslh Format String Error Vulnerability
sslh is an application protocol multiplexer by the individual developer Yves Rutschle. sslh suffers from a Formatted String Error vulnerability that stems from the manipulation of the parameter msginfo of the hexdump function of its Packet Dumping Handler component resulting in a formatted string...