UNA CMS <= 14.0.0-RC4 - PHP Object Injection
The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profileid" POST parameter is not properly sanitized before being used in a call to the...
CVE-2009-4983
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php...
CVE-2013-6280
Cross-site scripting (XSS) vulnerability in the Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2024-2259
This vulnerability exists in InstaRISPACS software due to insufficient validation of user-supplied input for the loginTo parameter in the user login module of the application's web interface. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerabl...
EUVD-2021-8620
Malicious code in bioql PyPI...
CVE-2025-53756
This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful exploitation of this...
PT-2025-24933 · Unknown · Archiverspaapi
Name of the Vulnerable Software and Affected Versions: ArchiverSpaApi (affected versions not specified). Description: The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected...
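The forgery path in the advisory above, shown as an added example that is not ArchiverSpaApi code: a minimal HS256 verifier of the kind a backend uses, and the token an attacker who has recovered the constant from the binary can mint against it. The key value, the claim names and the `role` check are assumptions for illustration only; the real application's key and claims are not given on this page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption for this example: the app signs with HS256 using this constant.
# It is a hypothetical value, not the real ArchiverSpaApi key.
HARDCODED_KEY = b"change-me-please-123"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce header.payload.signature with an HMAC-SHA256 signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = {"separators": (",", ":")}
    signing_input = (_b64url(json.dumps(header, **compact).encode()) + "."
                     + _b64url(json.dumps(claims, **compact).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_hs256(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Server-side check: returns the claims if signature and exp are good, else None."""
    try:
        h, p, s = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":
            return None  # refuse alg confusion (e.g. "none")
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(p))
    except Exception:
        return None
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        return None
    return claims


def forge_admin_token(key: bytes, now: int) -> str:
    """Attacker side: with the key known, any claim set verifies."""
    return sign_hs256({"sub": "attacker", "role": "admin", "exp": now + 3600}, key)


def demo():
    now = 1_700_000_000
    forged = forge_admin_token(HARDCODED_KEY, now)
    accepted = verify_hs256(forged, HARDCODED_KEY, now=now)
    # The fix is a per-deployment random secret loaded from configuration;
    # the same forged token is then rejected.
    rejected = verify_hs256(forged, b"per-deployment-random-secret", now=now)
    return accepted, rejected
```

The point to check in a review is the source of `key`: anything that is a literal in source or in a checked-in config, the same for every customer, is equivalent to no signature at all. Rotating to a random secret per deployment (and invalidating tokens issued under the old one) closes the issue; switching to an asymmetric algorithm does not help if the private key is likewise shipped.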
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary: There are vulnerabilities in IBM WebSphere Application Server Liberty and Open Source Software (OSS) components used by IBM Cognos Analytics. Additionally, Cognos Analytics is vulnerable to an XML External Entity Injection (XXE). For more information about the vulnerability impact, refer to t...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server Java is a Java application server runtime from the German company SAP. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which can be...
CVE-2024-56529
CVE-2024-56529 concerns Mailcow’s web panel up to version 2024-11b, where a session fixation flaw allows an attacker to set a session ID when a victim’s browser has HSTS disabled. After user authentication, the attacker can reuse the same session ID to access the victim’s web panel. Root cause: o...
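The fixation sequence described above, as an added example that is not Mailcow code: a toy server-side session store, a login handler that keeps whatever session ID the browser presented (the attacker's), and one that issues a fresh ID on authentication. The store, user table and handler names are constructed for illustration; how the attacker plants the cookie in the first place (the HSTS angle in the advisory) is outside this snippet.

```python
import secrets

# Constructed credential table for the demo.
USERS = {"victim": "correct horse battery staple"}


def check_password(username, password):
    return USERS.get(username) == password


class SessionStore:
    """In-memory server-side sessions keyed by the cookie value."""

    def __init__(self):
        self._sessions = {}

    def get_or_create(self, sid):
        # Accepting an unknown, client-supplied sid as a new session is the
        # first half of the problem: the attacker chose the identifier.
        return self._sessions.setdefault(sid, {"user": None})

    def lookup(self, sid):
        return self._sessions.get(sid)

    def regenerate(self, old_sid):
        """Move session data to a server-generated id and drop the old one."""
        data = self._sessions.pop(old_sid, {"user": None})
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def login_vulnerable(store, cookie_sid, username, password):
    """Same id before and after authentication -> whoever knows it is logged in."""
    session = store.get_or_create(cookie_sid)
    if check_password(username, password):
        session["user"] = username
    return cookie_sid  # value sent back in Set-Cookie


def login_fixed(store, cookie_sid, username, password):
    """Rotate the id at the privilege change; the planted id becomes useless."""
    store.get_or_create(cookie_sid)
    if not check_password(username, password):
        return cookie_sid
    new_sid = store.regenerate(cookie_sid)
    store.lookup(new_sid)["user"] = username
    return new_sid


def attacker_reuse(store, planted_sid):
    """Attacker presents the id they planted; returns who it is logged in as."""
    session = store.lookup(planted_sid)
    return session["user"] if session else None
```

Regenerating on login is the control that matters here; on top of it, setting the cookie with `Secure` and serving HSTS removes the cleartext channel an attacker would use to inject the cookie in the first place, which is why the advisory conditions the attack on HSTS being disabled.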
CVE-2025-0434
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Linksys E3000 diag_ping_start Command Injection Vulnerability
The Linksys E3000 is a dual-band Wireless-N router from Linksys USA. A security vulnerability exists in the diag_ping_start function of the Linksys E3000, which a remote attacker can exploit by submitting a crafted request to execute arbitrary commands in the application's context...
Cisco Secure Firewall Management Center Command Execution Vulnerability
Cisco Secure Firewall Management Center is a powerful network security management tool from Cisco. A command execution vulnerability exists in Cisco Secure Firewall Management Center that stems from insufficient input validation of certain HTTP request parameters sent to the web management...
IBM Aspera User Enumeration Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM). A user enumeration vulnerability exists in IBM Aspera Orchestrator version 4.0.1. The vulnerability stems from a significant difference between valid and...
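The class of bug named above, as an added example that is not Aspera Orchestrator code: a login handler whose failure message and amount of work differ between an unknown account and a wrong password, the attacker-side probe that turns that difference into a user list, and a handler that gives the same answer and does the same hashing either way. The user table, salt and messages are constructed for the demo.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed user table; one salt for brevity (use per-user salts in practice).
_SALT = b"fixed-salt-for-demo-only"
USERS = {"alice": _hash("s3cret", _SALT)}
# Hash of a throwaway password so unknown users cost the same as wrong passwords.
_DUMMY_HASH = _hash(os.urandom(16).hex(), _SALT)


def login_vulnerable(username, password):
    """Distinct messages and an early return leak whether the account exists."""
    stored = USERS.get(username)
    if stored is None:
        return (False, "Unknown user")           # fast path, no hashing
    if hmac.compare_digest(stored, _hash(password, _SALT)):
        return (True, "OK")
    return (False, "Wrong password")


def login_fixed(username, password):
    """Same message and same work whether or not the account exists."""
    stored = USERS.get(username, _DUMMY_HASH)
    match = hmac.compare_digest(stored, _hash(password, _SALT))
    ok = match and username in USERS
    return (ok, "OK" if ok else "Invalid username or password")


def enumerate_users(login, candidates, probe_password="not-the-password"):
    """Attacker side: a name is confirmed when its failure response differs
    from the response for a name that certainly does not exist."""
    baseline = login("no-such-user-" + os.urandom(4).hex(), probe_password)[1]
    return [u for u in candidates if login(u, probe_password)[1] != baseline]
```

The message is the obvious signal, but the early return in `login_vulnerable` is a second one: unknown users answer measurably faster because no hash is computed. `login_fixed` hashes against a dummy value in that case so response time no longer splits the two outcomes; a rate limit per source and per username should sit in front of either handler.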
IBM Cognos Analytics Web UI Cross-Site Scripting Vulnerability (CNVD-2024-13549)
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). A cross-site scripting vulnerability exists in the IBM Cognos Analytics Web UI, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain...
GHSA-3X76-J3JJ-439J MoinMoin Cross-site Scripting (XSS) vulnerability
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component...
Wibu-Systems CodeMeter CmWAN Denial of Service Vulnerability
Wibu-Systems CodeMeter is the underlying technology for all protection and licensing solutions offered by Wibu-Systems. A security vulnerability exists in the CodeMeter CmWAN component, which a remote attacker can exploit by submitting a crafted request that crashes the application...
BaserCMS OS Command Injection Vulnerability
BaserCMS is an open source enterprise-level content management system (CMS). An OS command injection vulnerability exists in BaserCMS versions prior to 4.4.5. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...
Invigo Automatic Device Management Session Validity Check Vulnerability
Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A session validity check vulnerability exists in several management functions in...
Command Execution Vulnerability in the InRouter900 Industrial Router from Johntons
The Johnton InRouter900 series is a 4G industrial router. A command execution vulnerability exists in the InRouter900 industrial router. The vulnerability stems from the program's failure to properly validate user data and can be exploited by a remote attacker to execute arbitra...