175818 matches found
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.
The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...
EUVD-2026-43297
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...
CVE-2026-57780
Technical details are not publicly provided in the connected documents. The description notes a DOM-based XSS in Envision Page Builder
CVE-2026-57816
The CVE-2026-57816 entry concerns FunnelKit Funnel Builder (WordPress plugin) with a Reflected XSS in the funnel-builder component. Affected versions are listed as from n/a through
CVE-2026-57712
WPZOOM Portfolio plugin
CVE-2026-57693
CVE-2026-57693 concerns the WordPress Ad Inserter plugin (versions up to and including 2.8.11). The issue is an Improper Neutralization of Input During Web Page Generation (XSS) that allows exploitation via incorrectly configured access control. Affected component: Ad Inserter (WordPress plugin)....
CVE-2026-57732
CVE-2026-57732 : A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the WordPress plugin tagDiv Opt-In Builder (td-subscription), affecting versions
CVE-2026-57382
CVE-2026-57382 is a reflected XSS vulnerability in the WordPress plugin Simple File List (version range: affected up to 6.3.8). The issue arises in the plugin’s web page generation and input handling, enabling a reflected cross-site scripting payload. CVSSv3.1 metrics indicate Network attack vect...
TP-LINK - Local File Inclusion
TP-LINK is susceptible to local file inclusion in these products: Archer C5 1.2 with firmware before 150317, Archer C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N...
SuperWebMailer - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...
wpForo Forum <= 2.1.8 - Cross-Site Scripting
The wpForo Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpforodebug’ function in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
XWiki - Open Redirect
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content. id: CVE-2022-42096 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...
Membership Database <= 1.0 - Cross-Site Scripting
Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...
WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...
WWBN AVideo 11.6 - Cross-Site Scripting
A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...
IBAX - SQL Injection
IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute...
Haraj 3.7 - Cross-Site Scripting
Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...