CVE-2026-29046

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

Cisco Enterprise Chat and Email 跨站脚本漏洞

Cisco Enterprise Chat and Email is a set of enterprise chat and email solutions from Cisco USA. Cisco Enterprise Chat and Email is a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary code in the context of the interface or access sensitive browser-based...

Cisco Security Manager 跨站脚本漏洞

Cisco Security Manager CSM is a set of enterprise-class management applications from Cisco USA that are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices.Cisco Security Manager is vulnerable to a cross-site scripting vulnerability...

Cisco Industrial Network Director Cross-Site Scripting Vulnerability

Cisco Industrial Network Director IND is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. A cross-site scripting vulnerability exists in Cisco Industrial Network Director. An attacker could...

CGIHandler: sets environmental variable based on user supplied Proxy request header

It was discovered that the Python CGIHandler class did not properly protect against the HTTPPROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP...