105808 matches found
EUVD-2026-34181
OpenStack Ironic through 35.0.x allows Boot Script Injection...
CVE-2026-46447
OpenStack Ironic through 35.0.x allows Boot Script Injection...
samba: Remote Code Execution in SAMR
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
GHSA-CH57-39Q2-4CRM malla: Stored XSS via Meshtastic node names in multiple frontend pages
Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...
CVE-2026-8879
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
Gogs Git Rebase Argument Injection RCE
This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...
CVE-2026-20175
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
EUVD-2026-34165
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
CVE-2026-8879 CVE-2026-8879
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
CVE-2026-8879
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
CVE-2026-8879
CVE-2026-8879 affects the Securly Chrome Extension (v3.0.7). It dynamically registers content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), bypassing manifest.json and the Chrome Web Store review. The script runs on all URLs, hides page content, displays a...
CVE-2026-20175
CVE-2026-20175 – Cisco Finesse remote file inclusion vulnerability. An unauthenticated, remote attacker can load arbitrary files into an active user session by sending a crafted HTTP request, potentially enabling browser‑based attacks and execution of script code or access to sensitive informatio...
CVE-2026-20175
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
CVE-2026-20175 Cisco Finesse File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
Cisco Finesse Remote File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
CVE-2026-47324
ProjectsAndPrograms school-management-system is vulnerable to Stored XSS in multiple attributes of student and teacher objects. An authorized attacker (e.g., a teacher or administrator) can inject malicious JavaScript that executes in other users’ browsers. When chained with CVE-2025-11661 (unaut...
DedeCMS - Open Redirect via download.php
Dedecms 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs, exploit requires sending crafted GET requests. id: CVE-2024-57241 info: name: DedeCMS - Open Redirect via download.php...
Combodo iTop <2.2.0-2459 - Cross-Site Scripting
Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. id: CVE-2015-6544 info: name: Combodo iTop 2.2.0-2459 - Cross-Site Scripting author:...
Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter. id: CVE-2014-45...
Podcast Channels < 0.28 - Cross-Site Scripting
The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...