21 matches found
CVE-2026-9806
A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...
CVE-2026-9806
A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...
CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names
A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...
EUVD-2026-32728
A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...
CVE-2026-9806
A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...
CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names
A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...
CVE-2026-9806
CTI Transmute is affected by a stored XSS in the notification panel prior to the patched release. The issue occurs when notification messages include user-controlled convert names that are rendered via innerHTML without sanitization, allowing arbitrary JavaScript execution in the authenticated us...
PT-2026-44211
A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...
CTI-Transmute 安全漏洞
CTI-Transmute is an open-source network threat intelligence format conversion service developed by the MISP Project. CTI-Transmute has a security vulnerability. This vulnerability stems from the fact that the notification messages in the notification panel contain transition names that are...
EUVD-2023-44277
Malicious code in bioql PyPI...
CVE-2023-3631
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but...
CVE-2023-3631
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but...
CVE-2023-3631 SQLi in Medart Notification Panel
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but...
CVE-2023-3631
CVE-2023-3631 concerns the Medart Health Services Medart Notification Panel, where an SQL injection vulnerability arises from improper neutralization of special elements. The issue affects the Medart Notification Panel up to version 20231123 (and earlier). The CVSS v3.1 vector indicates a network...
Medart Health Services SQL Injection Vulnerability
Medart Health Services is an application from Medart, Inc. A SQL injection vulnerability exists in Medart Health Services Medart Notification Panel version 20231123 and prior versions, which stems from improper neutralization of special elements...
PT-2023-25525
Name of the Vulnerable Software and Affected Versions Medart Notification Panel versions through 20231123 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The vendor...
Hiro: Information Disclosure
It looks like I can access notification panel of any user. https://forum.blockstack.org/u/username/notifications Just change the username with the desired username and you are redirected to their notification panel...
Google finally announces Android N's name and It's not Nutella
No, it's not Nutella. Google has finally announced the official name of the latest version of its Android mobile software, codenamed Android N: "Nougat." Yes, the next version of sugary snack-themed Android and the successor to Android Marshmallow will now be known as Android Nougat, the company...
WordPress Symposium 14.05.02 Cross Site Request Forgery
Plugin Name : WP Symposium A8-Cross-SiteRequestForgeryCSRF Effected Version : 14.05.02 and most probably lower version's if any Vulnerability : A8-Cross-Site Request Forgery CSRF Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Unauthenticated PoC - Proof of Concep...