12 matches found
CVE-2026-24674 Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...
Use of Less Trusted Source
Overview: Affected versions of this package are vulnerable to Use of Less Trusted Source that can circumvent the trusted dependencies list. An attacker can cause unintended dependencies to be loaded by including malicious file:, link:, git:, or github: URLs to import packages whose names also exis...
CVE-2023-53875 GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...
AndSoft e-TMS Cross-Site Scripting Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
requests: Requests vulnerable to .netrc credentials leak via malicious URLs
A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue...
RHEL 10 : python-requests (RHSA-2025:13604)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:13604 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...
EyouCms Input Validation Error Vulnerability
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. An attacker can exploit this vulnerability to redirect users to malicious URLs via the logout feature...
Google Closure Library Input Validation Error Vulnerability
Google Closure Library is a cross-browser, modular JavaScript library from Google (United States). A security vulnerability exists in the goog.uri file in Google Closure Library v20200224 and earlier versions. An attacker can exploit this vulnerability by sending malicious URLs to obtain...
ownCloud Error Page Cross-Site Scripting Vulnerability
ownCloud is an open source file synchronization and sharing solution. A cross-site scripting vulnerability exists in ownCloud, which can be exploited by remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack sessions,...
Cisco WebEx Meeting Center Open Redirect Vulnerability
Cisco WebEx Meetings Server is a versatile meeting solution that includes audio, video, and Web conferencing in the WebEx Meeting Solution. An open redirection vulnerability exists in Cisco WebEx Meetings Server that allows an attacker to construct malicious URIs, trick users into parsing them, a...
Cisco TelePresence IP VCR Device Cross-Site Request Forgery Vulnerability
The Cisco TelePresence IP VCR device is a telepresence IP recorder device. A cross-site request forgery vulnerability exists in Cisco TelePresence IP VCR devices, which allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context...
Cyber security scenario according to WebSense
It's time for stocktaking: the principal security firms are proposing their analyses to summarize the current situation in cyber security. 2012 is widely considered a year in which malware increased significantly thanks to the contributions of various actors that we will analyze shortly. WebSense has...