8748 matches found
CVE-2025-4763
CVE-2025-4763 is a reflected XSS vulnerability in Hotel Guest Hotspot by Aida Computer Information Technology Inc. The issue arises from improper neutralization of input during web page generation, allowing an attacker to inject malicious script. Affected product/version scope is stated as Hotel ...
CVE-2025-4763 XSS in Aida Computer's Hotspot
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
PT-2026-4133
Name of the Vulnerable Software and Affected Versions FooEvents for WooCommerce versions through 1.20.4 Description A flaw exists in FooEvents for WooCommerce that allows for SQL Injection. The issue is due to improper neutralization of special elements within SQL commands. This could potentially...
PT-2026-4097
Name of the Vulnerable Software and Affected Versions Arevico WP Simple Redirect versions through 1.1 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This allows a...
PT-2026-4080
Name of the Vulnerable Software and Affected Versions DotLife versions prior to 4.9.5 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting XSS issue. This allows for the execution of malicious scripts...
Dell Unisphere for PowerMax SQL Injection Vulnerability
Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. The version 10.2.0.x of Dell Unisphere for PowerMax has a SQL injection vulnerability. This vulnerability arises from improper neutralization of special elements, which may lead to SQL injection...
PT-2026-4091
Name of the Vulnerable Software and Affected Versions woofer696 Dinatur versions through 1.18 Description The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting XSS issue. This allows for the injection of malicious...
PT-2026-4142
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through = 2.8...
PT-2026-4069
Name of the Vulnerable Software and Affected Versions codisto Omnichannel for WooCommerce versions through 1.3.65 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection o...
PT-2026-4256
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress Course Review: from n/a through = 4.1.9...
PT-2026-4259
Name of the Vulnerable Software and Affected Versions shinetheme Traveler versions prior to 3.2.8 Description An issue exists in shinetheme Traveler that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows an attacker to potentiall...
PT-2026-3969
Name of the Vulnerable Software and Affected Versions LambertGroup xPromoter versions through 1.3.4 Description A Reflected Cross-site Scripting XSS issue exists in the top bar promoter component of LambertGroup xPromoter. This allows for improper neutralization of input during web page generatio...
PT-2026-4250
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization in the email header when folding a long comment that contains only unfoldable characters. An attacker can inject headers into a message between unhandled parentheses. Remediation A fix was pushed into the master...
Improper Neutralization of Special Elements Used in a Template Engine
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine when processing untrusted template expressions. An attacker can execute arbitrary code on the server by injecting specially crafted template payloads. Remediation...
CVE-2026-21618
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...
CVE-2026-21618
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...
CVE-2026-21618 Cross-site scripting (XSS) in OAuth Device Authorization screen
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...
EUVD-2026-3322
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...
openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20034-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20034-1 advisory. - Update to Tomcat 9.0.111 - Security fixes: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. -...