3138 matches found
PT-2026-5567
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
CVE-2026-23726
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and...
CVE-2026-23726
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and...
CVE-2026-23726 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=TipoEntradaControle)
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and...
CVE-2026-1008
A stored cross-site scripting XSS vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...
CVE-2026-1008 Stored Cross-Site Scripting in Altium Live User Profile Fields
A stored cross-site scripting XSS vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...
CVE-2026-1008
A stored cross-site scripting XSS vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...
CVE-2009-4534
Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2022-23102
A vulnerability has been identified in SINEMA Remote Connect Server All versions V2.0. Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks...
CVE-2011-0908
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526...
CVE-2020-23050
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code...
CVE-2022-26950
Archer 6.x through 6.9 P2 6.9.0.2 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to t...
CVE-2024-41805
Tracks, a Getting Things Done GTD web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing...
CVE-2022-31040
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a referer querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a...
CVE-2019-25277
FaceSentry Access Control System 6.4.8 is affected by a cross-site scripting vulnerability in the msg parameter of pluginInstall.php due to unvalidated input. The issue allows injection of arbitrary JavaScript in victim browsers, with potential credential theft and phishing. Affected component: F...
CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
Ledger Confirms Global-e Breach, Warns Users of Phishing Attempts
Ledger confirms data breach via Global-e partner. Customer info exposed, phishing attacks active. No passwords or crypto recovery phrases leaked...
PT-2025-53852
Name of the Vulnerable Software and Affected Versions ISOinsight versions affected versions not specified Description ISOinsight, developed by NetVision Information, exhibits a Reflected Cross-site Scripting issue. This allows attackers who do not need to be logged in to execute arbitrary...
Mozilla Firefox < 2.0.0.8
The version of Firefox installed on the remote Windows host is prior to 2.0.0.8. It is, therefore, affected by a vulnerability as referenced in the mfsa2007-33 advisory. - Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language...
CVE-2025-14019
LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks...