19 matches found
CVE-2026-2812
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...
CVE-2026-2812
Summary: CVE-2026-2812 affects ArcGIS Server (12.0 and earlier) due to an improper authentication flaw in an undocumented administrative endpoint. An unauthenticated attacker can trigger a crafted request to that endpoint, potentially disrupting the web-based browsing interface. The available doc...
CVE-2026-2812 Improper Authentication issue in ArcGIS Server
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...
CVE-2026-2812
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...
PT-2026-42221
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...
Revive Adserver: Improper sanitisation of input in the settings could cause DoS
A vulnerability was found in the settings functionality of the application where attacker-controlled values in the emailfromName and emailfromCompany fields were persisted and later rendered to pages without proper output encoding. This could have led to the execution of arbitrary JavaScript in t...
EUVD-2025-0051
Malicious code in bioql PyPI...
PT-2025-35949
Name of the Vulnerable Software and Affected Versions NVIDIA Mellanox DPDK affected versions not specified Description NVIDIA Mellanox DPDK contains an issue in the Poll Mode Driver PMD that may allow an attacker on a virtual machine VM within the system to potentially disclose information and...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of HTML content in the FAQ editor at http://localhost/admin/index.php?action=editentry . Attackers can inject malformed HTML elements styled to cover the entire screen, disrupting the user...
CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
CVE-2024-56199
phpMyFAQ is vulnerable from versions 3.2.10 through 4.0.1 to an HTML injection in the FAQ editor (https://.../admin/index.php?action=editentry), enabling injected HTML that disrupts the page UI and can lead to DoS and degraded user experience. The issue is fixed in version 4.0.2; upgrading to 4.0...
CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
PT-2024-10219 · Schneider Electric · Powerlogic Hdpm6000
Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic HDPM6000 versions up to 0.62.7 Description: The issue is related to an Improper Restriction of Operations within the Bounds of a Memory Buffer, which could allow an unauthorized attacker to modify configuration...
Rockwell Automation ArmorStart ST 跨站脚本漏洞
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view user data and modify the web...
Security Bulletin: GUI DOS vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0050)
Summary Security Bulletin: Security Bulletin: GUI DoS vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0050 Vulnerability Details Security Bulletin --- Summary --- GUI interface can be disrupted by exploitation of Apache Tomcat vulnerability Vulnerability Details --- CVEID:...
CVE-2021-22956
An uncontrolled resource consumption vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...
ABB System 800xA Batch Management Privilege Permission and Access Control Issues Vulnerability
ABB System 800xA Batch Management is an application software package from ABB Switzerland for configuring, scheduling and managing batch operations. A vulnerability in privilege permission and access control issues exists in ABB System 800xA Batch Management all versions, which can be exploited b...
Debian DSA-3238-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-fr...