3428 matches found

RedhatCVE
added 2026/01/14 11:19 p.m. | 5 views

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | AI score 6.6 | EPSS 0.00238
Exploits: 1 | References: 1

ATTACKERKB
added 2026/01/14 9:1 p.m. | 7 views

CVE-2026-0861

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size a...

CVSS 8.4 | AI score 5.8 | EPSS 0.00352
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/01/14 6:22 p.m. | 2 views

CVE-2026-20849

Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network...

CVSS 7.5 | AI score 6.8 | EPSS 0.00974
Exploits: 0 | References: 1

OSV
added 2026/01/14 5:56 p.m. | 4 views

CLSA-2026-1768413370 libpq: Fix of CVE-2025-12818

CVE-2025-12818: fix integer overflow in libpq size calculations to prevent undersized allocations and potential out-of-bounds writes from untrusted inputs...

CVSS 5.9 | AI score 6.7 | EPSS 0.00301
Exploits: 0 | References: 1

OSV
added 2026/01/13 11:15 p.m. | 5 views

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 5

NVD
added 2026/01/13 11:15 p.m. | 4 views

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | EPSS 0.00238
Exploits: 1 | References: 5

NVD
added 2026/01/13 11:15 p.m. | 7 views

CVE-2022-50937

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

CVSS 6.1 | EPSS 0.00262
Exploits: 1 | References: 4

CVE
added 2026/01/13 10:56 p.m. | 8 views

CVE-2023-53985

CVE-2023-53985 affects Zstore (now Zippy CRM) version 6.5.4. A reflected cross-site scripting vulnerability exists due to unvalidated input parameters, allowing an attacker to inject and execute arbitrary JavaScript in a victim’s browser context. The CVSS metrics indicate network access with low ...

CVSS 6.1 | AI score 6.2 | EPSS 0.00238
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/01/13 10:56 p.m. | 2 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | AI score 6.2 | EPSS 0.00238
Exploits: 1 | References: 5

Cvelist
added 2026/01/13 10:56 p.m. | 24 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | EPSS 0.00238
Exploits: 1 | References: 5

CVE
added 2026/01/13 10:52 p.m. | 9 views

CVE-2022-50937

Ametys CMS v4.4.1 contains a persistent cross-site scripting (XSS) vulnerability in the link directory’s input fields for external links. An attacker can inject script into link text and descriptions, enabling persistent attacks that can compromise user sessions and manipulate application modules...

CVSS 6.1 | AI score 6.1 | EPSS 0.00262
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/13 10:52 p.m. | 2 views

CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS)

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

CVSS 6.1 | AI score 6.1 | EPSS 0.00262
Exploits: 1 | References: 4

OSV
added 2026/01/13 6:16 p.m. | 2 views

CVE-2026-20849

Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.00974
Exploits: 0 | References: 1

NVD
added 2026/01/13 6:16 p.m. | 2 views

CVE-2026-20849

Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network...

CVSS 7.5 | EPSS 0.00974
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/13 5:56 p.m. | 4 views

CVE-2026-20849

Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network...

CVSS 7.5 | AI score 5.4 | EPSS 0.00974
Exploits: 0 | References: 2 | Affected Software: 24

Microsoft CVE
added 2026/01/13 4:0 p.m. | 5 views

Windows Kerberos Elevation of Privilege Vulnerability

Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network...

CVSS 7.5 | AI score 6.9 | EPSS 0.00974
Exploits: 0

NVD
added 2026/01/13 3:15 p.m. | 6 views

CVE-2025-13447

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...

CVSS 8.4 | EPSS 0.25389
Exploits: 0 | References: 4

NVD
added 2026/01/13 3:15 p.m. | 4 views

CVE-2025-13444

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...

CVSS 8.4 | EPSS 0.25389
Exploits: 0 | References: 4

CVE
added 2026/01/13 2:31 p.m. | 16 views

CVE-2025-13447

CVE-2025-13447 corresponds to a remote code execution via OS Command Injection in Progress LoadMaster API. The connected ZDI advisories detail multiple command-injection flaws (delapikey, delcert, listapikeys, addapikey, getcipherset) that allow authenticated network-adjacent attackers to execute...

CVSS 8.4 | AI score 7.7 | EPSS 0.25389
Exploits: 0 | References: 4 | Affected Software: 5

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

Ametys CMS cross-site scripting vulnerability

Ametys CMS is a free, open-source content management system written in Java, used by the Ametys community to run large enterprise websites, blogs, intranets and extranets on the same server. A cross-site scripting vulnerability exists in Ametys CMS version v4.4.1, which stems from stored cross-site...

CVSS 6.1 | AI score 5.7 | EPSS 0.00262
Exploits: 1 | References: 5