7641 matches found
CVE-2026-0788
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...
CVE-2021-47858
Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting (XSS) vulnerability in the start_addr field of the Security Management interface. The vulnerability allows injecting scripts that persist and execute for privileged users when they access the security management page. A P...
CVE-2021-47857
CVE-2021-47857 affects Moodle 3.10.3 and is a persistent cross-site scripting (XSS) vulnerability in the calendar event subtitle field. The underlying issue allows an attacker to inject malicious JavaScript into the subtitle track label of a crafted calendar event, with code execution possible wh...
CVE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...
Malicious code in oce-collaborate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8f69f2284ec7835136d41eb191227cc52ebfeafd3b33c0f7ce2d94ffd24cb88 The package oce-collaborate was found to contain malicious code. Source: ghsa-malware c217eb60fb78e5a6fde1b59cd586b4ad864bd1ad9cde77d6b50a79341d4d58d...
Malicious code in internallib_v962 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9664f22a915362fceed28ec2e15ea4bfbc16dbdd91cb358cba05ef247fec36a5 The package internallibv962 was found to contain malicious code. Source: ghsa-malware 1e08ba6555343cafd51a03a186572eaf33065999ee721770a8d507645826dfd...
MAL-2026-385 Malicious code in blocks-builder-manifest-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30f5efa34a1c44d974502110177cb7a60daf579349ed25937e66e342f7f7c24f The package blocks-builder-manifest-generator was found to contain malicious code. Source: ghsa-malware...
MAL-2026-401 Malicious code in victim-package-c (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 184f83df9021c2d9d54bd3201652ab449b3c54a606b87c484d0a16a657005cf8 The package victim-package-c was found to contain malicious code. Source: ghsa-malware c9415f83d650ad0546aeb398d909c1b7aa8c983d9ca0c37f72e68526eaf6bb...
PT-2026-3546
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page...
MiracleLinux 8 : 389-ds:1.4 (AXSA:2022-3115:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3115:01 advisory. 389-ds-base: double free of the virtual attribute context in persistent search CVE-2021-4091 Tenable has extracted the preceding description block directly...
MiracleLinux 7 : flatpak-1.0.9-13.0.1.el7.AXS7 (AXSA:2024-8901:07)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8901:07 advisory. CVE-2024-42472: access to files outside sandbox for apps using persistent directories CVEs: CVE-2024-42472 Flatpak is a Linux application sandboxing and...
Malicious code in tailwin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6f42d8ac771f7de2a89b36d91afb6db0c0445c7c3b9c4c094cf74b1448343d The package tailwin was found to contain malicious code. Source: ghsa-malware 25f1e8ebfcada6d9b8288179365d666ecc4679a549f815f6715e35fc614e03e2 Any...
Techniques of Modern Attacks
The techniques used in modern attacks have become an important factor for investigation. As we advance further into the digital age, cyber attackers are employing increasingly sophisticated and highly threatening methods. These attacks target not only organizations and governments but also extend...
CVE-2026-23725
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...
CVE-2021-47839
A flaw was found in Marky. This persistent cross-site scripting XSS vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute,...
CVE-2026-23725
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...
CVE-2021-47837
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
CVE-2021-47839
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...
CVE-2021-47840 Moeditor 0.2.0 - Persistent Cross-Site Scripting
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...
CVE-2021-47838
CVE-2021-47838 affects Markright 1.0 with a persistent cross-site scripting vulnerability in markdown handling. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim’s system. The provided docu...