330 matches found
CVE-2021-47917
CVE-2021-47917 affects Simple CMS 2.1. It describes a persistent cross-site scripting (XSS) vulnerability in user input parameters that attackers can inject via the newUser and editUser modules. The injected scripts can execute on the user list preview, potentially leading to session hijacking an...
Apache Linkis security vulnerabilities
Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis prior to 1.7.0 contain security vulnerabilities. These vulnerabilities stem from...
CVE-2025-13447 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...
CVE-2025-13444
The CVE-2025-13444 family concerns OS Command Injection / Remote Code Execution in Progress Software Kemp LoadMaster. Connected ZDI advisories detail multiple command-injection flaws in LoadMaster commands (delapikey, getcipherset, listapikeys, delcert, addapikey) where unsanitized user data is p...
CVE-2018-18325
DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...
CVE-2020-12487
Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege...
CVE-2025-67858
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...
CVE-2021-47716
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47716
Orangescrum 1.8.0 is affected by multiple cross-site scripting (XSS) vulnerabilities exposed via authenticated endpoints. The issue arises from insufficient validation of inputs such as projid, CS_message, and name, allowing an attacker to inject arbitrary JavaScript into victims’ browsers by sub...
PT-2025-52828
Name of the Vulnerable Software and Affected Versions Orangescrum version 1.8.0 Description The application has multiple cross-site scripting issues that permit authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters such as projid, C...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unvalidated user queue input parameters...
Cross-site Scripting (XSS)
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via exposed input parameters. An administrator can execute arbitrary JavaScript code in the context of the user's...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23555)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...
EUVD-2017-8877
Malware in sbrugna...
EUVD-2020-9317
Malware in sbrugna...
EUVD-2018-8102
Malware in sbrugna...
EUVD-2005-1926
Malware in sbrugna...
EUVD-2006-1079
Malware in sbrugna...