PT-2026-40373

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

📄 Pixa Bank 2.0 SQL Injection

Pixa Bank version 2.0 remote API SQL injection exploit. ================================================================================================================================== | Title : Pixa Bank 2.0 – API SQL Injection | | Author : indoushka | | Tested on : windows 11 FrPro / browser ...

EUVD-2026-28145

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

CVE-2026-35466

XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services...

CVE-2026-20002

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...

CVE-2026-0783 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

CVE-2019-16468

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure...

GHSA-6FGX-X7M2-74QM tracexec has `env` command argument injection via environment variables starting with dash in traced exec events

Impact For tracexec's command line reconstruction feature, when a traced process executes another process with a environment variable where the key starts with a dash, tracexec incorrectly shows its commandline where such environment variables could cause argument injection for the env command...

EUVD-2019-7182

Malware in sbrugna...

EUVD-2015-4001

Malware in sbrugna...

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

CVE-2020-14094

In Xiaomi router R3600, ROM version1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution...

CVE-2019-19285

A vulnerability has been identified in XHQ All Versions 6.1. The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link...

PT-2024-15859 · Grandstream · Grandstream Ucm Series Ip Pbx

Name of the Vulnerable Software and Affected Versions: Grandstream UCM Series IP PBX versions prior to 1.0.20.52 Description: The issue is related to a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP...

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...

Oracle Weblogic Remote Code Execution Vulnerability

Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. Oracle Weblogic remote code execution vulnerability. An attacker can exploit this vulnerability to construct a malicious reques...

CVE-2020-14095

In Xiaomi router R3600, ROM version1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution...

CVE-2019-16468

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure...

Adobe Patches Five Critical Illustrator CC Flaws

Adobe has released patches for five critical vulnerabilities in Adobe Illustrator CC, its popular vector graphics editor tool, which if exploited could enable arbitrary code execution. Overall Adobe patched nine vulnerabilities as part of its regularly-scheduled updates on Tuesday, including five...

Adobe Releases First 2020 Patch Tuesday Software Updates

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users...