CVE-2019-25294

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

CVE-2019-25294

The vulnerability (CVE-2019-25294) affects html5_snmp 1.11. A persistent cross-site scripting flaw exists in add_router_operation.php via the Remark parameter. An attacker can send a crafted POST request containing a script payload in Remark, causing arbitrary JavaScript to execute in a victim’s ...

EUVD-2019-19404

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

CVE-2019-25294

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

MAL-2026-801 Malicious code in @rsgweb/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee9f14ff2b440c9d947019c65ffaa29df41116c3e35f18691cfcce733246790a The package @rsgweb/utils was found to contain malicious code. Source: ghsa-malware a9a98e6a12ac6be8573661e76ab7342baf0c83aae4d1907c482230dd5606dbc9...

MAL-2026-793 Malicious code in @meli-lint/eslint-config-base-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4086f80598ff1b89ade2e3e2efb54b1a60f19cdc764415d7d52738252eb98f77 The package @meli-lint/eslint-config-base-ts was found to contain malicious code. Source: ghsa-malware...

Claude Code 安全漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.1.2 contained a security vulnerability. This vulnerability stemmed from the bubblewrap sandbox mechanism, which failed to properly protect the.claude/settings.json file whe...

CVE-2025-14740

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...

Malicious code in optimizer-cpu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96d9a5679e6f23c70908ce2670edfdec83e685bcab26cddb979e034b158c4748 The package optimizer-cpu was found to contain malicious code. Source: ghsa-malware 47b72b719d340d2e4a2610cd788db370ee5df468243efd141e446a1a1c140bf4...

GHSA-JR3W-9VFR-C746 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

CVE-2025-52633

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...

EUVD-2025-206791

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...

PT-2026-6443

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

EUVD-2025-206812

A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...

CVE-2020-37087 Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVE-2025-52633

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...

CVE-2019-25263

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded b...

CVE-2025-52633

HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...

CVE-2025-52633 HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...