39 matches found
EUVD-2026-36542
parse-server: Relation $relatedTo query bypasses protectedFields and owning-object ACL...
CVE-2026-53726
Parse Server contains a vulnerability in the relation query operator $relatedTo. Before versions 8.6.80 and 9.9.1-alpha.6, an unauthenticated client with public API credentials could read membership of a Relation field protected by protectedFields or object ACLs, potentially enumerating objects l...
CVE-2026-21003
CVE-2026-21003 describes improper input validation of data related to network restrictions before SMR Apr-2026 Release 1, enabling physical attackers to bypass those restrictions. The impact in the provided metrics shows no confidentiality impact, high integrity and availability impact, with phys...
MINI-858M-99WX-9MRX
Bulletin has no description...
MINI-G4CP-8885-94CP
Bulletin has no description...
CVE-2025-4763
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
MINI-58CF-QRX4-9V85
Bulletin has no description...
CGA-QFF9-CVQP-78P6
Bulletin has no description...
EUVD-2007-2732
Malware in sbrugna...
CVE-2024-54224 WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7...
CVE-2023-27126
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...
SUSE CVE-2009-4538
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537...
SUSE CVE-2017-11146
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none...
aterteramo.it Cross Site Scripting vulnerability OBB-2848491
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
joybike.de Cross Site Scripting vulnerability OBB-2690644
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
RHEL 7 : java-11-openjdk (RHSA-2022:0204)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0204 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...
americadourada.ba.gov.br Cross Site Scripting vulnerability OBB-2239270
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
VulnCheck KEV: CVE-2020-14882
Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750...
shivanandavidyalaya.org Cross Site Scripting vulnerability OBB-1253609
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...