170225 matches found
EUVD-2026-41871
The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...
CVE-2026-44937
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...
CVE-2026-14808
CVE-2026-14808 concerns the Prog Management System from PROG MIS, with an exposed sensitive-information vulnerability. Unauthenticated remote attackers can access a specific page and obtain the database account and password, leading to high-impact confidentiality and integrity risks (CVSS ~9.3–9....
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. id: CVE-2021-40972 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity: medi...
phpShowtime 2.0 - Directory Traversal
A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. dot dot in the r parameter to index.php. id: CVE-2012-0981 info: name: phpShowtime 2.0 - Directory Traversal author: daffainfo severity: medium description: A...
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. id: CVE-2004-0519 info: name: SquirrelMail 1.4.x -...
EpiServer Find <13.2.7 - Open Redirect
EpiServer Find before 13.2.7 contains an open redirect vulnerability via the tredirect parameter in a crafted URL, such as a /findv2/click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...
Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection
Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this...
JustWriting - Cross-Site Scripting
A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. id: CVE-2021-41467 info: name: JustWriting - Cross-Site Scripting author: madrobot severity: medium...
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...
Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting
Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter. id: CVE-2021-26710 info: name: Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting author: pikpikcu...
SonarQube - Authentication Bypass
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. id: CVE-2020-27986 info: name: SonarQube - Authentication Bypass author: pikpikcu severity: high description: | SonarQube 8.4.2.36762 allows remote attackers to...
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting XSS vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. id: CVE-2018-7192 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity:...
Glances - Information Disclosure
Glances 4.5.2 contains an information disclosure vulnerability caused by the web server running without authentication by default, letting remote attackers access sensitive system information including credentials, exploit requires no special privileges. id: CVE-2026-32596 info: name: Glances -...
Xinuo Openserver 5/6 - Cross-Site scripting
Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...
WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
SPIP <3.1.2 - Cross-Site Scripting
SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...
Cherokee HTTPD <=0.5 - Cross-Site Scripting
Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...