4521 matches found
CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)
A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...
NVIDIA Cumulus Linux和NVIDIA NVOS 安全漏洞
NVIDIA Cumulus Linux and NVIDIA NVOS are both products of NVIDIA Corporation, a US-based company. NVIDIA Cumulus Linux is a powerful open-source network operating system. NVIDIA NVOS is also an operating system. Both NVIDIA Cumulus Linux and NVIDIA NVOS have security vulnerabilities; these...
Hitachi Energy Relion REB500 安全漏洞
Hitachi Energy Relion REB500 is a distributed busbar protection system developed by Hitachi Energy. There is a security vulnerability in Hitachi Energy Relion REB500. This vulnerability stems from the ability of low-privilege verified users to access and modify the contents of unauthorized...
Metabase 安全漏洞
Metabase is an open-source data analysis platform developed by the American company Metabase. Versions of Metabase prior to 0.57.13 and 0.58.6 contain security vulnerabilities. These vulnerabilities stem from improper template evaluation, which may allow low-privilege users to extract sensitive...
Statamic affected by privilege escalation via stored cross-site scripting
Impact Stored XSS vulnerability in html fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 6.3.2 and 5.73.9...
CVE-2025-70866
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...
Lavalite CMS 安全漏洞
Lavalite CMS is an open-source content management system based on PHP. Version 10.1.0 of Lavalite CMS has a security vulnerability caused by improper access control, which may allow low-privilege users to directly access the administration backend...
CVE-2026-25759
Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...
SAP ABAP Platform和SAP NetWeaver Application Server ABAP 安全漏洞
SAP ABAP Platform and SAP NetWeaver Application Server ABAP are both products of the German company SAP. SAP ABAP Platform is an SAP solution based on ABAP language. SAP NetWeaver Application Server ABAP is a platform for running and developing applications written in the ABAP language. There are...
Siemens SINEC NMS 代码问题漏洞
Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...
CVE-2026-23797
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...
CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions
Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...
CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions
Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...
CVE-2026-24671
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...
CVE-2026-24671
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...
EUVD-2026-5238
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...
CVE-2026-24671
Open eClass (formerly GUnet eClass) prior to version 4.2 is affected by a Stored XSS vulnerability in multiple high-privilege user input fields. Authenticated teachers/admins can inject malicious JavaScript, executed when other users load affected pages. Red Hat/NVD/CVE aggregations confirm the i...
CVE-2026-24671
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...
Open eClass 跨站脚本漏洞
Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts in multiple user-controllable input fields, which could allo...
CVE-2021-47913
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...