Nokia IMPACT 安全漏洞

Nokia IMPACT is a set of IoT intelligent management platforms developed by Finnish company Nokia. Versions of Nokia IMPACT such as 19.11.2.10-20210118042150283 and earlier contain security vulnerabilities. These vulnerabilities stem from the Applications component, which allows JavaScript files t...

NocoDB has Stored Cross-site Scripting via Formula Cell

Summary A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. Details The replaceUrlsWithLink function in urlUtils.ts converts URI::url patterns to tags but passes a...

HTML Injection Vulnerability in IBM webMethods Integration Server

IBM webMethods Integration Server is an application connector from International Business Machines IBM. An HTML injection vulnerability exists in IBM webMethods Integration Server version 12.0. An attacker could exploit this vulnerability to execute arbitrary Web script or HTML...

GHSA-4RV8-5CMM-2R22 osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List

Summary A stored Cross-site Scripting XSS vulnerability exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The payload is stored and executes in the browser of any user...

MAL-2026-1063 Malicious code in cicd-ppe-redteam-test01 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5ff0b643e9e96817244b6499fdbcfd26b6c26cf366980909a6461e4c15b389fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2024-10938

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...

CVE-2026-25736

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom RSE Attribute of the WebUI where...

Exploit for Missing Authorization in Xwiki

Research: XWiki Platform RCE CVE-2024-55879 Simulation !Se...

CVE-2026-25735

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Identity Name of the WebUI where...

CVE-2026-26351

GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...

CVE-2026-25603

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27512

Affected product/firmware: Shenzhen Tenda F3 Wireless Router, firmware V12.01.01.55_multi. Issue: Content-type confusion in the administrative interface where responses omit the X-Content-Type-Options: nosniff header and reflect attacker-influenced content into the response body. MIME sniffing ma...

CVE-2019-25449

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...

CVE-2026-26370

WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser...

Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...

Cross Site Scripting (XSS)

Agora is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient file type validation in profile picture uploads, which allows an attacker to upload malicious content that executes scripts when rendered...

CVE-2026-26370

WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser...

CVE-2026-26370

WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser...