7577 matches found
PT-2026-8402
SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...
CVE-2025-22849
Incorrect default permissions for the IntelR OptaneTM PMem management software before versions CRMGMT01.00.00.3584, CRMGMT02.00.00.4052, CRMGMT03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined...
CVE-2025-59904
The CVE-2025-59904 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, triggered by multiple parameters in the /kForms/app endpoint. The issue allows malicious scripts to be injected and executed in the context of users accessing the affected resource, indicating a clie...
CVE-2025-59904
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource...
CVE-2025-59904 Stored Cross-Site Scripting vulnerability in Kubysoft
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource...
Kubysoft 跨站脚本漏洞
Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability. This vulnerability stems from multiple parameters in the /forms/app endpoint, which are vulnerable to storage-based cross-site scripting attacks. This may allo...
Deciso OPNsense 跨站脚本漏洞
Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from the tunable parameter in the systemadvancedsysctl.php endpoint,...
MAL-2026-889 Malicious code in responses-starter-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83a4aedeb600114d998f8a0351978f589d1d3e9d55ebe061e7d25e95db19d2c7 The package responses-starter-app was found to contain malicious code. Source: ghsa-malware...
CVE-2026-25949
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest STARTTLS prelude and then intentionally delaying further communication. This action bypasses Traefik's configured read...
GHSA-9278-6HCJ-2P4J Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...
CVE-2019-25311
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...
CVE-2019-25317 Kimai 2- persistent cross-site scripting (XSS)
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...
CVE-2019-25311 thesystem Persistent XSS
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...
CVE-2019-25311
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...
CVE-2019-25311
The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...
CVE-2026-2099
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
PT-2026-7606
Name of the Vulnerable Software and Affected Versions thesystem version 1.0 Description thesystem version 1.0 has a persistent cross-site scripting issue. Attackers can inject malicious scripts through several server data input fields. Specifically, crafted script payloads can be submitted in the...
PT-2026-7609
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: gostatsd, git-sync, crossplane-provider-aws-kms, knative-operator, cluster-proportional-autoscaler, cloud-sql-proxy, crossplane-provider-aws-dynamodb, kubernetes-csi-external-snapshotter, prometheus-blackbox-exporter, secrets-store-csi-driver-provider-aws,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: gostatsd, blobfuse2, git-sync, smarter-device-manager, crossplane-provider-aws-kms, knative-operator, protoc-gen-go, cluster-proportional-autoscaler, cloud-sql-proxy, crossplane-provider-aws-dynamodb, kubernetes-csi-external-snapshotter, prometheus-blackbox-exporter,...