58 matches found
CVE-2019-11537
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...
CVE-2020-7239
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent...
EUVD-2017-14718
Malware in sbrugna...
EUVD-2003-1507
Malware in sbrugna...
EUVD-2012-1602
Malware in sbrugna...
EUVD-2004-1408
Malware in sbrugna...
EUVD-2007-3408
Malware in sbrugna...
EUVD-2007-3352
Malware in sbrugna...
EUVD-2002-0408
Malware in sbrugna...
EUVD-2013-6734
Malware in sbrugna...
EUVD-2017-9979
Malware in sbrugna...
EUVD-2020-27264
Malware in sbrugna...
EUVD-2012-2311
Malware in sbrugna...
CVE-2025-48705
An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot...
CVE-2023-26238
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe...
CVE-2023-47610
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message...
CVE-2025-46719
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...
CVE-2025-2830
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...
CVE-2025-2830
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...
CVE-2025-26659
SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting XSS vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the...