12 matches found
CVE-2026-34965
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...
EUVD-2025-25817
Malicious code in bioql PyPI...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
CVE-2025-50975
The CVE-2025-50975 entry concerns IPFire 2.29, where the web-based firewall interface (firewall.cgi) does not sanitize multiple rule parameters (PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, tgt_addr). This allows an authenticated administrator to inject persistent J...
PT-2025-34808 · Ipfire · Ipfire
Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The web-based firewall interface firewall.cgi fails to sanitize several rule parameters, including PROT, SRC PORT, TGT PORT, dnatport, key, ruleremark, src addr, std net tgt, and tgt addr. This allows an...
CVE-2023-37787
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
Monitor Windows Registry Changes with Qualys File Integrity Monitoring
With Windows registries storing a large number of programs and OS security settings and a large amount of raw data, threat actors have begun to use those registries as a data store for their malicious activity. It is therefore imperative for organizations to monitor changes in Windows registries ...
CVE-2020-24353
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header...
Cross site request forgery (csrf)
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header...
CVE-2020-24353
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header...