20 matches found
HCL BigFix Service Management Security Vulnerability
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management (SM) has a security vulnerability. This vulnerability stems from improper error handling in the reporting module. When invalid or out-of-range...
URVE Smart Office Cross-Site Scripting Vulnerability
URVE Smart Office is a smart office resource management system from URVE Smart Office, Poland. A cross-site scripting vulnerability exists in URVE Smart Office versions prior to 1.1.24, which stems from the presence of stored cross-site scripting in the function reporting the issue, which could...
EUVD-2017-12228
Malware in sbrugna...
EUVD-2017-2005
Malware in sbrugna...
EUVD-2025-8228
Malicious code in bioql PyPI...
CVE-2019-1319
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'...
CVE-2019-19702
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...
Dell PowerProtect Data Manager Reporting Security Vulnerability
Dell PowerProtect Data Manager Reporting is a data protection management software. An elevation of privilege vulnerability exists in Dell PowerProtect Data Manager Reporting, which can be exploited by an attacker to gain elevated privileges because the program fails to properly restrict API...
CVE-2025-27406
Icinga Reporting is the central component for reporting-related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows setting up a template that allows embedding arbitrary JavaScript. This enables the attacker to act...
CVE-2025-27406 Icinga Reporting Stored XSS leads to SSRF
Icinga Reporting is the central component for reporting-related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows setting up a template that allows embedding arbitrary JavaScript. This enables the attacker to act...
Rockwell Automation FactoryTalk
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to execute code on the device with elevated privileges. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...
PT-2024-5212 · Telerik · Telerik Reporting
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Reporting versions prior to 18.1.24.709 Description: The issue is related to an insecure type resolution vulnerability, allowing for object injection and potentially enabling a code execution attack. This can be exploited ...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, Administrator/Root rights, Remote...
Unspecified Vulnerability in Oracle BI Publisher (CNVD-2021-04814)
Oracle BI Publisher is a reporting solution that makes it easier and faster than traditional reporting tools to produce, manage and deliver all reports and documents. An unspecified vulnerability exists in the E-Business Suite - XDO component in Oracle BI Publisher 5.5.0.0.0, 11.1.1.9.0,...
Microsoft Windows Error Reporting Information Disclosure Vulnerability (CNVD-2021-27708)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Error Reporting (WER) is one of the error reporting components. An information...
Cross site scripting
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS...
PT-2018-6278 · Sap · Sap Bpc
Name of the Vulnerable Software and Affected Versions: SAP BPC affected versions not specified Description: The issue concerns an XML external entity vulnerability in the reporting functionality. It can be triggered by a specially crafted XML request, leading to information disclosure and potenti...
Google Chrome CSP reporting information disclosure vulnerability
Google Chrome is a web browser developed by Google. Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA). CSP reporting is a content security policy reporting component. An information disclosure vulnerability exists in CSP reporting in versio...
OnionScan - Onion Services Security Scan
The purpose of this tool is to make you a better onion service provider. You owe it to yourself and your users to ensure that attackers cannot easily exploit and deanonymize. Go Dependencies: h12.me/socks - For the Tor SOCKS Proxy connection; github.com/xiam/exif - For EXIF data extraction...