CVE-2026-0236
A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface, allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...
PT-2026-31879
Name of the Vulnerable Software and Affected Versions: Totolink A7100RU version 7.4cu.2313 b20191024 Description: A flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Manipulation of the enable argument within the setSyslogCfg function, accessible via the...
CVE-2025-9149 Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection
A vulnerability was identified in Wavlink WL-NU516U1 M16U1V240425. It affects the function sub_4032E4 of the file /cgi-bin/wireless.cgi. Manipulation of the argument Guestssid causes command injection. The attack can be carried out remotely. The exploit has been publicly disclose...
CVE-2025-30149
OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3...
CVE-2025-30149
CVE-2025-30149 concerns OpenEMR, a free/open source EHR/PM app. It describes a reflected XSS in the AJAX Script interface, specifically in layout_listitems_ajax.php accessed via the target parameter. The vulnerability’s root cause is input reflected back to the user, enabling script injection. Ac...
PT-2025-13796 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3 Description: The issue concerns reflected cross-site scripting (XSS) in the AJAX Script interface, specifically in the layout_listitems_ajax.php file via the target parameter. This allows for potential XSS attack...
PT-2023-22289 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.4.7; XWiki versions prior to 14.10 Description: The Document script API directly returns a DocumentAuthors, which allows any authors to be set on the document. This can allow subsequent executions of scripts since this auth...
ATM Consulting dolibarr_module_quicksupplierprice SQL injection vulnerability
dolibarr_module_quicksupplierprice is an open source application from ATM Consulting. It allows supplier prices to be added quickly, directly from the supplier order. ATM Consulting dolibarr_module_quicksupplierprice 1.1.6 and earlier versions have a SQL injection vulnerability that stems from a problem with...
CVE-2019-15102
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunnerNondistributed and distributed end points do not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...
Security advisory for analog
SECURITY ADVISORY, 13th February 2001. Program: analog logfile analysis program. Versions: all versions except 4.16 and 4.90beta3. Operating systems: all. There...