184 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-13753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could...
CVE-2025-42956
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create...
CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function
The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Overview apache-airflow-providers-snowflake is a Provider package apache-airflow-providers-snowflake for Apache Airflow Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane Special Element Injection in the...
AirKeyboard iOS App 1.0.5 - Remote Input Injection
Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage: https://airkeyboardapp.com Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 Version: Version 1.0.5 Tested on: iOS 18.5 with AirKeyboard app '''...
📄 Remote for Windows 2024.15 Unauthenticated Arbitrary Input
Remote for Windows version 2024.15 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...
CVE-2024-28831
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up...
CVE-2023-36637
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields...
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...
CVE-2020-14525
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users...
CVE-2019-10665
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...
UBUNTU-CVE-2025-37814
In the Linux kernel, the following vulnerability has been resolved: tty: Require CAPSYSADMIN for all usages of TIOCLSELMOUSEREPORT This requirement was overeagerly loosened in commit 2f83e38a095f "tty: Permit some TIOCLSETSEL modes without CAPSYSADMIN", but as it turns out, 1 the logic I...
CVE-2025-20193
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this...
Output Messenger 安全漏洞
Output Messenger is an enterprise-grade instant messaging and collaboration software from Output Messenger, Inc. that provides secure internal communications, file sharing, screen sharing, and remote desktop control. A security vulnerability exists in Output Messenger versions prior to 2.0.63,...
CVE-2025-0757
Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and...
CVE-2025-27494
A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V6.4.9, SiPass integrated ACC-AP All versions V6.4.9. Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the user details viewing functionality. An attacker can manipulate the host header in HTTP requests to gain unauthorized access to view...
CVE-2024-52882
An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code XSS to attack logged-in administrator sessions...
CVE-2024-52882
CVE-2024-52882 affects AudioCodes One Voice Operations Center (OVOC) prior to 8.4.582. The issue stems from improper neutralization of input via the devices API, enabling an attacker to inject malicious JavaScript (XSS) that targets logged-in administrator sessions. Impact is limited to cross-sit...